Mercurial > p > roundup > code

diff roundup/cgi/actions.py @ 4623:4f9c3858b671

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix another XSS with the ok- and error message, see issue2550724. We solve this differently from the proposals in the bug-report by not allowing *any* html-tags in ok/error messages anymore. Thanks to David Benjamin for the bug-report and to Ezio Melotti for several proposed fixes.
author Ralf Schlatterbeck <rsc@runtux.com>
date Mon, 14 May 2012 14:17:07 +0200
parents abd2db0a159a
children 21705126dafa
line wrap: on
line diff
--- a/roundup/cgi/actions.py	Mon May 14 13:04:20 2012 +0200
+++ b/roundup/cgi/actions.py	Mon May 14 14:17:07 2012 +0200
@@ -491,7 +491,7 @@
                             else:
                                 props[linkprop] = nodeid
 
-        return '<br>'.join(m)
+        return '\n'.join(m)
 
     def _changenode(self, cn, nodeid, props):
         """Change the node based on the contents of the form."""
Roundup Issue Tracker: http://roundup-tracker.org/