Mercurial > p > roundup > code

view website/issues/detectors/messagesummary.py @ 5684:97e2125e064c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
When we generate links from URL's in messages, we add rel="nofollow" to combat link spam. This change turns that into rel="nofollow noopener". This prevents the page at the end of the link from having access to the roundup window that displays the link. Details on the issue are are at: https://mathiasbynens.github.io/rel-noopener/ search web for noopener vulnerability. This problem usually requires a target="_blank" to really exploit it and we don't provide that. But adding noopener is extra protection.
author John Rouillard <rouilj@ieee.org>
date Sat, 30 Mar 2019 21:15:33 -0400
parents 0942fe89e82e
children
line wrap: on
line source

from roundup.mailgw import parseContent

def summarygenerator(db, cl, nodeid, newvalues):
    ''' If the message doesn't have a summary, make one for it.
    '''
    if 'summary' in newvalues or 'content' not in newvalues:
        return

    summary, content = parseContent(newvalues['content'], config=db.config)
    newvalues['summary'] = summary


def init(db):
    # fire before changes are made
    db.msg.audit('create', summarygenerator)

# vim: set filetype=python ts=4 sw=4 et si
#SHA: 538f90cb7f4eb63f77eca252b87afbe037d29c48
Roundup Issue Tracker: http://roundup-tracker.org/