diff CHANGES.txt @ 4623:4f9c3858b671

Fix another XSS with the ok- and error message, see issue2550724. We solve this differently from the proposals in the bug-report by not allowing *any* html-tags in ok/error messages anymore. Thanks to David Benjamin for the bug-report and to Ezio Melotti for several proposed fixes.
author Ralf Schlatterbeck <rsc@runtux.com>
date Mon, 14 May 2012 14:17:07 +0200
parents d2b90632fa87
children 21705126dafa
--- a/CHANGES.txt	Mon May 14 13:04:20 2012 +0200
+++ b/CHANGES.txt	Mon May 14 14:17:07 2012 +0200
@@ -93,6 +93,11 @@
 - Mark cookies HttpOnly and -- if https is used -- secure. Fixes
   issue2550689, but is untested if this really works in browsers.
   Thanks to Joseph Myers for reporting. (Ralf)
+- Fix another XSS with the ok- and error message, see issue2550724. We
+  solve this differently from the proposals in the bug-report by not
+  allowing *any* html-tags in ok/error messages anymore. Thanks to 
+  David Benjamin for the bug-report and to Ezio Melotti for several
+  proposed fixes. (Ralf)
 
 
 2011-07-15: 1.4.19
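Review bot: The new entry says no HTML tags are allowed in ok/error messages anymore, but it does not say whether tags are now escaped or stripped, and it does not flag this as a behaviour change for any existing template or caller that deliberately put markup into those messages; a short clause such as "(tags are escaped; messages that relied on HTML markup will now display it literally)" would make the changelog useful to upgraders, assuming escaping is what the code change does. Also, the line "allowing *any* html-tags in ok/error messages anymore. Thanks to " carries trailing whitespace that should be trimmed before commit.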

Roundup Issue Tracker: http://roundup-tracker.org/