Files
@ 9beef1d91c4c
Branch filter:
Location: kallithea/docs/index.rst - annotation
9beef1d91c4c
1.3 KiB
text/prs.fallenstein.rst
pullrequests: prevent XSS when 'Potential Reviewers' are selected and first and last names cannot be trusted
The user information passed to autocompleteFormatter from select2 is the raw
data which might contain HTML markup controlled by the user.
That could cause XSS issues, already when adding rogue users as reviewers on a PR.
To avoid that, make sure select2 use the default escapeMarkup function. In
addReviewMember, use .html_escape when expanding the reviewer template.
The user information passed to autocompleteFormatter from select2 is the raw
data which might contain HTML markup controlled by the user.
That could cause XSS issues, already when adding rogue users as reviewers on a PR.
To avoid that, make sure select2 use the default escapeMarkup function. In
addReviewMember, use .html_escape when expanding the reviewer template.
5f481e4e888b 5f481e4e888b 22a3fa3c4254 beb4cbf30d00 22a3fa3c4254 22a3fa3c4254 e71216a16853 e71216a16853 e71216a16853 2cbdbf55ed99 e71216a16853 2cbdbf55ed99 bdd1ddd05b7c 03bbd33bc084 03bbd33bc084 5f481e4e888b 03bbd33bc084 03bbd33bc084 2cbdbf55ed99 e71216a16853 2cbdbf55ed99 e71216a16853 e71216a16853 5f481e4e888b 5f481e4e888b 5f481e4e888b 5f481e4e888b 154becd92f40 5f481e4e888b 64b1a2320bcb d95ea48af67b e69d34136be5 57caeb60c52b 8075ec3d0233 8b8edfc25856 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 2898ea3ff76c 2bb5e9ee49fe e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 e71216a16853 2cbdbf55ed99 e71216a16853 2cbdbf55ed99 bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f bbd499c7b55e 2bb5e9ee49fe aa17c7a1b8a5 bbd499c7b55e e71216a16853 beb4cbf30d00 beb4cbf30d00 e71216a16853 2cbdbf55ed99 bb35ad076e2f bb35ad076e2f bb35ad076e2f 8b8edfc25856 bb35ad076e2f 5262c498b3a0 9fd64dd2617d 5f481e4e888b fbbe80e3322b a60cd29ba7e2 5f481e4e888b 5f481e4e888b cc21a2b86a30 9472a0150bf0 5f481e4e888b a60cd29ba7e2 a60cd29ba7e2 a60cd29ba7e2 8b8edfc25856 | .. _index:
#######################
Kallithea Documentation
#######################
* :ref:`genindex`
* :ref:`search`
Readme
******
.. toctree::
:maxdepth: 1
readme
Administrator guide
*******************
**Installation and upgrade**
.. toctree::
:maxdepth: 1
overview
installation
installation_win
installation_win_old
installation_iis
installation_puppet
upgrade
**Setup and configuration**
.. toctree::
:maxdepth: 1
setup
administrator_guide/auth
administrator_guide/vcs_setup
usage/email
usage/customization
**Maintenance**
.. toctree::
:maxdepth: 1
usage/backup
usage/performance
usage/debugging
usage/troubleshooting
User guide
**********
.. toctree::
:maxdepth: 1
usage/general
usage/vcs_notes
usage/locking
usage/statistics
api/api
Developer guide
***************
.. toctree::
:maxdepth: 1
contributing
dev/translation
dev/dbmigrations
.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _django: http://www.djangoproject.com/
.. _mercurial: https://www.mercurial-scm.org/
.. _bitbucket: http://bitbucket.org/
.. _subversion: http://subversion.tigris.org/
.. _git: http://git-scm.com/
.. _celery: http://celeryproject.org/
.. _Sphinx: http://sphinx.pocoo.org/
.. _vcs: http://pypi.python.org/pypi/vcs
|