Files @ 4f03bd5ac2f2
Branch filter:

Location: kallithea/tox.ini - annotation

4f03bd5ac2f2 206 B text/x-ini Show Source Show as Raw Download as Raw
Mads Kiilerich
lib: handle both HTML, unsafe strings, and exceptions passed to helpers.flash()

Before, h.flash would trust any input to contain html ... and callers would
convert exceptions to string, often with a simple str() or unicode() ... which
really didn't deserve to be trusted.

Instead, only trust messages that have a __html__ and escape anything else ...
but also apply str/unicode on the parameter so the caller doesn't have to but
*can* pass an exception directly.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
2481c0a1ed31
768989c595aa
ab30729c735c
2481c0a1ed31
2481c0a1ed31
9c5e6984bd0e
9c5e6984bd0e
46662961d58d
dd676fdeda0f
b2195895bbd7
b2195895bbd7
46662961d58d
46662961d58d

[tox]
minversion = 1.8
envlist = py27-pytest

[testenv]
setenv =
    PYTHONHASHSEED = 0
deps =
    -r{toxinidir}/dev_requirements.txt
    python-ldap
    python-pam
commands =
    pytest: py.test {posargs}
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.