Mercurial > p > roundup > code
view website/issues/html/keyword.index.html @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 447a7647f237 |
| children |
line wrap: on
line source
<tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" > <span tal:omit-tag="true" i18n:translate="" >List of keywords</span> <span tal:condition="request/dispname" tal:replace="python:' - %s '%request.dispname" /> - <span tal:replace="config/TRACKER_NAME" /> </title> <span metal:fill-slot="body_title" tal:omit-tag="true"> <span tal:omit-tag="true" i18n:translate="" >List of keywords</span> <span tal:condition="request/dispname" tal:replace="python:' - %s' % request.dispname" /> </span> <tal:block metal:fill-slot="content"> <p tal:condition="python:not (context.is_view_ok() or request.user.hasRole('Anonymous'))" i18n:translate=""> You are not allowed to view this page.</p> <p tal:condition="python:not context.is_view_ok() and request.user.hasRole('Anonymous')" i18n:translate=""> Please login with your username and password.</p> <table width="100%" tal:condition="context/is_view_ok" class="list"> <tr> <th i18n:translate="">Keyword</th> <th i18n:translate="">Description</th> </tr> <tal:block repeat="keyword context/list"> <tr tal:attributes="class python:['normal', 'alt'][repeat['keyword'].index%6//3]"> <td> <a tal:attributes="href string:keyword${keyword/id}" tal:content="keyword/name">keyword name</a> </td> <td tal:content="python:keyword.description.plain() or default"> </td> </tr> </tal:block> <tr tal:condition="context/is_edit_ok"> <td colspan="2"><a href="keyword?@template=item">New Keyword</a></td> </tr> </table> </tal:block> </tal:block>