Mercurial > p > roundup > code
view website/issues/html/home.html @ 4851:24b8011cd2dc
Fix XSS in issue2550817
Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.
If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 20 Dec 2013 18:24:10 +0100 |
| parents | c2d0d3e9099d |
| children |
line wrap: on
line source
<!-- This is the default body that is displayed when people visit the tracker. The tag below lists the currently open issues. You may replace it with a greeting message, or a different list of issues or whatever. It's a good idea to have the issues on the front page though --> <span tal:replace="structure python:db.issue.renderWith('index', sort=[('-', 'activity')], filter=['status'], columns=['activity','title','creator'], filterspec={'status':['1','2','4']})" />