Mercurial > p > roundup > code
view website/issues/html/home.about.html @ 8365:4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
Extensive fixes in devel, responsive templates known to be
exploitable.
Similar constructs in classic and minimal templates not known
to be exploitable, but changed anyway.
doc/upgrading.txt:
Reformat to 66 characters.
Update with assigned CVE number.
Add section on fixing tal:replace with unsafe data.
Document analysis and assumptions in comment in file.
doc/security.txt:
Update with CVE number.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 11 Jul 2025 19:30:27 -0400 |
| parents | 4155ed7f00f4 |
| children |
line wrap: on
line source
<!-- dollarId: issue.index,v 1.2 2001/07/29 04:07:37 richard Exp dollar--> <tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" i18n:translate="" > About this Tracker </title> <tal:block metal:fill-slot="body_title" i18n:translate=""> About this Tracker </tal:block> <div class="content" metal:fill-slot="content"> <span tal:condition="not:python:request.user.hasRole('Admin')" tal:omit-tag="python:1" i18n:translate=""> Please login with your username and password to find out about this tracker. </span> <div tal:condition="python:request.user.hasRole('Admin')" tal:omit-tag="python:1" i18n:translate=""> <div tal:replace="structure python:utils.AboutPage(db)"></div> </div> </div> </tal:block>