view roundup/exceptions.py @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an XSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | 273c8c2b5042 |
| children | e882a5d52ae5 |
```python
"""Exceptions for use across all Roundup components.
"""

__docformat__ = 'restructuredtext'


class RoundupException(Exception):
    pass


class LoginError(RoundupException):
    pass


class RateLimitExceeded(Exception):
    pass


class Unauthorised(RoundupException):
    pass


class RejectBase(RoundupException):
    pass


class Reject(RejectBase):
    """An auditor may raise this exception when the current create or set
    operation should be stopped.

    It is up to the specific interface invoking the create or set to
    handle this exception sanely. For example:

    - mailgw will trap and ignore Reject for file attachments and messages
    - cgi will trap and present the exception in a nice format
    """
    pass


class RejectRaw(Reject):
    """
    Performs the same function as Reject, except HTML in the message is not
    escaped when displayed to the user.
    """
    pass


class UsageError(ValueError):
    pass

# vim: set filetype=python ts=4 sw=4 et si
```
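Per the docstrings above, `Reject` and `RejectRaw` differ only in whether the message is HTML-escaped on display, so an auditor that raises `RejectRaw` owns the escaping of any untrusted value it puts in the message. The following is an added example, not Roundup's own code: the two classes are local stand-ins, and `render_error`, the auditor functions, the `TAKEN` template and `SAMPLE` are hypothetical, constructed for illustration.

```python
import html


# Local stand-ins mirroring roundup/exceptions.py so this runs without Roundup.
class Reject(Exception):
    pass


class RejectRaw(Reject):
    pass


TAKEN = 'Title "%s" is taken, see <a href="issue1">issue1</a>'
SAMPLE = '<script>alert(1)</script>'  # constructed untrusted field value


def render_error(exc):
    """Hypothetical web-side renderer: escape Reject, pass RejectRaw through."""
    # RejectRaw subclasses Reject, so it has to be tested first.
    if isinstance(exc, RejectRaw):
        return '<p class="error-message">%s</p>' % exc
    return '<p class="error-message">%s</p>' % html.escape(str(exc))


def audit_plain(title):
    """No markup needed: raise Reject and let the renderer escape it."""
    raise Reject('Title "%s" is already in use' % title)


def audit_raw_unsafe(title):
    """Markup needed, but the untrusted title is interpolated unescaped."""
    raise RejectRaw(TAKEN % title)


def audit_raw_safe(title):
    """Same message; only the untrusted part is escaped before mixing."""
    raise RejectRaw(TAKEN % html.escape(title))


def rendered(auditor, value):
    try:
        auditor(value)
    except Reject as exc:
        return render_error(exc)


if __name__ == '__main__':
    for fn in (audit_plain, audit_raw_unsafe, audit_raw_safe):
        print(fn.__name__, '->', rendered(fn, SAMPLE))
```

Only `audit_raw_unsafe` lets the sample value reach the page as live markup; `audit_raw_safe` keeps the intended link while the user-supplied part stays inert.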
