Mercurial > p > roundup > code
view website/issues/detectors/no_texthtml.py @ 5287:07617c8d4efc
applying upgrade of 1.5.1 -> 1.6.0.
Upgraded login form.
Added @csrf tokens to forms using post.
Fix security issue by displaying username without escaping html
entities.
User queries hrefs have their names url quoted which makes multi word
queries a valid url.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 24 Sep 2017 19:19:28 -0400 |
| parents | c2d0d3e9099d |
| children | 0942fe89e82e |
line wrap: on
line source
def audit_html_files(db, cl, nodeid, newvalues): if newvalues.has_key('type') and newvalues['type'] == 'text/html': newvalues['type'] = 'text/plain' def init(db): db.file.audit('set', audit_html_files) db.file.audit('create', audit_html_files)