Mercurial > p > roundup > code

diff website/issues/html/_generic.collision.html @ 8365:4ac0bbb3e440

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug(security): CVE-2025-53865 - XSS bug Extensive fixes in devel, responsive templates known to be exploitable. Similar constructs in classic and minimal templates not known to be exploitable, but changed anyway. doc/upgrading.txt: Reformat to 66 characters. Update with assigned CVE number. Add section on fixing tal:replace with unsafe data. Document analysis and assumptions in comment in file. doc/security.txt: Update with CVE number.
author John Rouillard <rouilj@ieee.org>
date Fri, 11 Jul 2025 19:30:27 -0400
parents c2d0d3e9099d
children
line wrap: on
line diff
--- a/website/issues/html/_generic.collision.html	Thu Jul 10 23:03:27 2025 -0400
+++ b/website/issues/html/_generic.collision.html	Fri Jul 11 19:30:27 2025 -0400
@@ -11,6 +11,6 @@
   There has been a collision. Another user updated this node
   while you were editing. Please <a href='${context}'>reload</a>
   the node and review your edits.
-"><span tal:replace="context/designator" i18n:name="context" />
+"><tal:x tal:content="context/designator" i18n:name="context" />
 </td>
 </tal:block>
Roundup Issue Tracker: http://roundup-tracker.org/