Files
@ 2ac4499b25eb
Branch filter:
Location: kallithea/docs/index.rst - annotation
2ac4499b25eb
1.3 KiB
text/prs.fallenstein.rst
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, also readmes written in other formats, like ReStructuredText (RST)
or plain text could have content that we want sanitized.
Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.
This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, also readmes written in other formats, like ReStructuredText (RST)
or plain text could have content that we want sanitized.
Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.
This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
5f481e4e888b 5f481e4e888b 22a3fa3c4254 beb4cbf30d00 22a3fa3c4254 22a3fa3c4254 e71216a16853 e71216a16853 e71216a16853 2cbdbf55ed99 e71216a16853 2cbdbf55ed99 bdd1ddd05b7c 03bbd33bc084 03bbd33bc084 5f481e4e888b 03bbd33bc084 03bbd33bc084 2cbdbf55ed99 e71216a16853 2cbdbf55ed99 e71216a16853 e71216a16853 5f481e4e888b 5f481e4e888b 5f481e4e888b 5f481e4e888b 154becd92f40 5f481e4e888b 64b1a2320bcb d95ea48af67b e69d34136be5 57caeb60c52b 8075ec3d0233 8b8edfc25856 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 2898ea3ff76c 2bb5e9ee49fe e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 2cbdbf55ed99 e71216a16853 2cbdbf55ed99 bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f bbd499c7b55e 2bb5e9ee49fe aa17c7a1b8a5 bbd499c7b55e e71216a16853 beb4cbf30d00 beb4cbf30d00 e71216a16853 2cbdbf55ed99 bb35ad076e2f bb35ad076e2f bb35ad076e2f 8b8edfc25856 bb35ad076e2f 5262c498b3a0 9fd64dd2617d 5f481e4e888b fbbe80e3322b a60cd29ba7e2 5f481e4e888b 5f481e4e888b cc21a2b86a30 9472a0150bf0 5f481e4e888b a60cd29ba7e2 a60cd29ba7e2 a60cd29ba7e2 8b8edfc25856 | .. _index:
#######################
Kallithea Documentation
#######################
* :ref:`genindex`
* :ref:`search`
Readme
******
.. toctree::
:maxdepth: 1
readme
Administrator guide
*******************
**Installation and upgrade**
.. toctree::
:maxdepth: 1
overview
installation
installation_win
installation_win_old
installation_iis
installation_puppet
upgrade
**Setup and configuration**
.. toctree::
:maxdepth: 1
setup
administrator_guide/auth
administrator_guide/vcs_setup
usage/email
usage/customization
**Maintenance**
.. toctree::
:maxdepth: 1
usage/backup
usage/performance
usage/debugging
usage/troubleshooting
User guide
**********
.. toctree::
:maxdepth: 1
usage/general
usage/vcs_notes
usage/locking
usage/statistics
api/api
Developer guide
***************
.. toctree::
:maxdepth: 1
contributing
dev/translation
dev/dbmigrations
.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _django: http://www.djangoproject.com/
.. _mercurial: https://www.mercurial-scm.org/
.. _bitbucket: http://bitbucket.org/
.. _subversion: http://subversion.tigris.org/
.. _git: http://git-scm.com/
.. _celery: http://celeryproject.org/
.. _Sphinx: http://sphinx.pocoo.org/
.. _vcs: http://pypi.python.org/pypi/vcs
|