Mercurial > p > roundup > code

diff website/issues/html/msg.item.html @ 8365:4ac0bbb3e440

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug(security): CVE-2025-53865 - XSS bug Extensive fixes in devel, responsive templates known to be exploitable. Similar constructs in classic and minimal templates not known to be exploitable, but changed anyway. doc/upgrading.txt: Reformat to 66 characters. Update with assigned CVE number. Add section on fixing tal:replace with unsafe data. Document analysis and assumptions in comment in file. doc/security.txt: Update with CVE number.
author John Rouillard <rouilj@ieee.org>
date Fri, 11 Jul 2025 19:30:27 -0400
parents f63a2b15e628
children
line wrap: on
line diff
--- a/website/issues/html/msg.item.html	Thu Jul 10 23:03:27 2025 -0400
+++ b/website/issues/html/msg.item.html	Fri Jul 11 19:30:27 2025 -0400
@@ -1,7 +1,8 @@
+<!-- dollarId: msg.item,v 1.3 2002/05/22 00:32:34 richard Exp dollar-->
 <tal:block metal:use-macro="templates/page/macros/icing">
 <title metal:fill-slot="head_title">
 <tal:block condition="context/id" i18n:translate=""
- >Message <span tal:replace="context/id" i18n:name="id"
+ >Message <tal:x tal:content="context/id" i18n:name="id"
  /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
 /></tal:block>
 <tal:block condition="not:context/id" i18n:translate=""
Roundup Issue Tracker: http://roundup-tracker.org/