view roundup/cgi/TAL/TranslationContext.py @ 4851:24b8011cd2dc
Fix XSS in issue2550817

Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.

If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.

| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 20 Dec 2013 18:24:10 +0100 |
| parents | 6e3e4f24c753 |
| children | |

```python
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Translation context object for the TALInterpreter's I18N support.

The translation context provides a container for the information
needed to perform translation of a marked string from a page template.

"""

DEFAULT_DOMAIN = "default"


class TranslationContext:
    """Information about the I18N settings of a TAL processor."""

    def __init__(self, parent=None, domain=None, target=None, source=None):
        if parent:
            if not domain:
                domain = parent.domain
            if not target:
                target = parent.target
            if not source:
                source = parent.source
        elif domain is None:
            domain = DEFAULT_DOMAIN

        self.parent = parent
        self.domain = domain
        self.target = target
        self.source = source
```
