Mercurial > p > roundup > code
view website/issues/html/style.css @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an xSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | 10a8a6bc4667 |
| children |
line wrap: on
line source
/* This is a copy of main Roundup website style.css from website/www/_static/style.css in source repository. */ /* layout*/ body { font-family: sans-serif, Arial, Helvetica; background-color: white; color: #333; margin:0; padding: 0 3em 0 13em; } body > .header { margin: 0 0 0 -13em;} body > .footer { margin: 0 0 0 -13em; clear:both;} body > .navigation { margin-left: -13em; width: 13em; float: left; } body > .content { width: 100%; margin: 0; } body > .header > #searchbox { position: absolute; right: 1em; top: 1em;} /* style */ :link { color: #bb0000; text-decoration: none;} :visited { color: #770000; text-decoration: none;} .header h1 { margin-left: 1em; } body { font-family: sans-serif, Arial, Helvetica; background-color: #f5f5f5; color: #333; } .menu { padding: 0; margin-right: 1em;} .menu ul { padding: 0; margin: 0; } .menu li { margin: 5pt 0; } .menu > ul > li > * { display: block; padding: 2pt 2pt 2pt 10pt; border: solid thin #dadada; background-color:#ffffff; } .menu > ul > li.current > * { background-color:#dddddd; } .menu ul li:first-child { margin-top:0;} .menu ul { list-style-type:none;} /* sub-menus are indented */ .menu > ul > li > ul, .menu > ul > li.current > ul { border: none; background-color: inherit; margin: 0; } .menu ul ul { margin-left: 2em; font-size: smaller; margin: 0 0 0 5pt; } /* sub-menu items draw a separator */ .menu ul ul > li { margin: 0; padding: 0; border: none; border-top: solid thin #dadada; background-color: inherit; } .menu ul ul > li:first-child { border-top: none; } .footer { font-size: small; text-align: center; color: black; } .content { padding: 1em; border: solid thin #dadada; background-color: #ffffff; } pre { white-space: pre-wrap; } #search { text-align: right; } p.ok-message { background-color: #eeffee; border: 1px solid #009900; padding: 5px; color: #009900; font-weight: bold; } p.error-message { background-color: #ffeeee; border: 1px solid #990000; padding: 5px; color: #990000; font-weight: bold; } /* This is a little hack to inject a 'news' block into the title page without having to set up a custom directive. */ #roundup-issue-tracker .note { float: right; width: auto; border: solid thin #dadada; background-color:#f5f5f5; padding: 1em; margin: 1em; } #roundup-issue-tracker .note .admonition-title { display: none; } table { border-collapse: collapse; border-spacing: 1px; background-color: #fafafa; } table:not(.list) th { text-align: left; padding-block-end: 0.75em; } table textarea { width: 99%; } table th[colspan] { text-align: center; } /* Need some space between content of Issue List columns */ td, th { padding-left: 1em; vertical-align: top; } tr.odd { background-color:#f5f5f5; } /* widen tables since headers have a lot of info and are squished and difficult to read */ table.messages, table.files { width: 95%; } /* Make sure that user name starts at the top of the change list and not in the middle Issue2550809: History display misalignment */ table.history td { vertical-align: top; } /* similar issue as above with history table. Align labels to the left at the top of possible multiline description and other columns */ table.classhelp td { vertical-align: top; } .required:before { content: "*"; color: red; font-weight: bold; } /* SHA: 2a5330c3d1ee6bf31e672e1c8a9317d11b7eb436 */