Files
@ 4f03bd5ac2f2
Branch filter:
Location: kallithea/MANIFEST.in - annotation
4f03bd5ac2f2
1.1 KiB
text/plain
lib: handle both HTML, unsafe strings, and exceptions passed to helpers.flash()
Before, h.flash would trust any input to contain html ... and callers would
convert exceptions to string, often with a simple str() or unicode() ... which
really didn't deserve to be trusted.
Instead, only trust messages that have a __html__ and escape anything else ...
but also apply str/unicode on the parameter so the caller doesn't have to but
*can* pass an exception directly.
Before, h.flash would trust any input to contain html ... and callers would
convert exceptions to string, often with a simple str() or unicode() ... which
really didn't deserve to be trusted.
Instead, only trust messages that have a __html__ and escape anything else ...
but also apply str/unicode on the parameter so the caller doesn't have to but
*can* pass an exception directly.
8cea7986ed79 ff08d3cf9aef ff08d3cf9aef ff08d3cf9aef 8cea7986ed79 ff08d3cf9aef ff08d3cf9aef ff08d3cf9aef ff08d3cf9aef ddfecf9fe7f2 8cea7986ed79 ff08d3cf9aef 8cea7986ed79 8cea7986ed79 8cea7986ed79 2d7a94f3eaae 0e6035a85980 7894a440e134 ff08d3cf9aef 8cea7986ed79 19a9f02443c8 ff08d3cf9aef ff08d3cf9aef 7e5f8c12a3fc ff08d3cf9aef ff08d3cf9aef 8cea7986ed79 8cea7986ed79 ff08d3cf9aef 8cea7986ed79 | include .coveragerc
include Apache-License-2.0.txt
include CONTRIBUTORS
include COPYING
include Jenkinsfile
include LICENSE-MERGELY.html
include LICENSE.md
include MIT-Permissive-License.txt
include README.rst
include conftest.py
include dev_requirements.txt
include development.ini
include pytest.ini
include requirements.txt
include tox.ini
recursive-include docs *
recursive-include init.d *
recursive-include kallithea/alembic *
include kallithea/bin/ldap_sync.conf
include kallithea/lib/paster_commands/template.ini.mako
recursive-include kallithea/front-end *
recursive-include kallithea/i18n *
recursive-include kallithea/public *
recursive-include kallithea/templates *
recursive-include kallithea/tests/fixtures *
recursive-include kallithea/tests/scripts *
include kallithea/tests/models/test_dump_html_mails.ref.html
include kallithea/tests/performance/test_vcs.py
include kallithea/tests/vcs/aconfig
recursive-include scripts *
|