Mercurial > p > roundup > code
view share/roundup/templates/devel/html/help.css @ 4851:24b8011cd2dc
Fix XSS in issue2550817
Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.
If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 20 Dec 2013 18:24:10 +0100 |
| parents | b419f29b1e2f |
| children |
line wrap: on
line source
@import url(style.css); body { padding: 0;} body > .header, body > .footer { margin: 0; } body .content { width: auto;} .header h1 { font-size: 110%; } table.classhelp th { border-top: 1px solid #afafaf; border-bottom: 1px solid #afafaf; empty-cells: show; text-align: left; vertical-align: middle; white-space: nowrap; } table.classhelp td { border-bottom: 1px solid #efefef; empty-cells: show; text-align: left; vertical-align: middle; white-space: nowrap; }