http://hg.code.sf.net:8000/p/roundup/code/atom-log/tip/share/roundup/templates/devel/html/user.item.html
Mercurial Repository: p/roundup/code: share/roundup/templates/devel/html/user.item.html history
2025-07-11T19:30:27-04:00

bug(security): CVE-2025-53865 - XSS bug http://hg.code.sf.net:8000/p/roundup/code/#changeset-4ac0bbb3e440678d1f591777ceb5b43e360d3d25 John Rouillard rouilj@ieee.org 2025-07-11T19:30:27-04:00 2025-07-11T19:30:27-04:00
changeset 4ac0bbb3e440
user John Rouillard <rouilj@ieee.org>
description bug(security): CVE-2025-53865 - XSS bug

Extensive fixes in devel, responsive templates known to be
exploitable.

Similar constructs in classic and minimal templates not known
to be exploitable, but changed anyway.

doc/upgrading.txt:

Reformat to 66 characters.

Update with assigned CVE number.

Add section on fixing tal:replace with unsafe data.

Document analysis and assumptions in comment in file.

doc/security.txt:

Update with CVE number.
fix: disable spellchecking for password fields http://hg.code.sf.net:8000/p/roundup/code/#changeset-0e382e97f0e311c935908b01eb8b3b16ce0b099e John Rouillard rouilj@ieee.org 2024-07-07T10:49:40-04:00 2024-07-07T10:49:40-04:00
changeset 0e382e97f0e3
user John Rouillard <rouilj@ieee.org>
description fix: disable spellchecking for password fields

Some browsers can send a password to a server for spellchecking. This
gives the browser a strong hint that it should not spellcheck a
password. Since a password is not supposed to be a real word in any
language, spellchecking is worthless.
[gsoc-2009] Add new tracker template sandbox. http://hg.code.sf.net:8000/p/roundup/code/#changeset-115e9883311e2659e6a8029909628daefa297cce Stefan Seefeld stefan@seefeld.name 2009-06-02T00:41:57+00:00 2009-06-02T00:41:57+00:00
changeset 115e9883311e
branch gsoc-2009
user Stefan Seefeld <stefan@seefeld.name>
description Add new tracker template sandbox.