Mercurial > p > roundup > code
comparison doc/spec.html @ 4623:4f9c3858b671
Fix another XSS with the ok- and error message, see issue2550724.
We solve this differently from the proposals in the bug-report by not
allowing *any* html-tags in ok/error messages anymore. Thanks to David
Benjamin for the bug-report and to Ezio Melotti for several proposed
fixes.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 14 May 2012 14:17:07 +0200 |
| parents | b9c1226cb600 |
| children |
comparison
equal
deleted
inserted
replaced
| 4622:9d5825bf0b2d | 4623:4f9c3858b671 |
|---|