Mercurial > p > roundup > code
view doc/glossary.txt @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | 25fcb87a8301 |
| children | 6834bb5473da |
line wrap: on
line source
================ Roundup Glossary ================ class a definition of the properties and behaviour of a set of items db (or hyperdb) a collection of items designator a combined class + itemid reference to any item in the hyperdb itemid a numeric reference to a particular item of one class item a collection of data that forms one entry in the hyperdb. property one element of data that makes up an item. In Roundup, the set of item properties may be changed as needed - even after the tracker has been initialised and used in production. schema the definition of all the classes that make up an tracker tracker the schema and hyperdb that forms one issue tracker tracker home the physical location on disk of a tracker ----------------- Back to `Table of Contents`_ .. _`Table of Contents`: index.html