Files
@ c9cfaeb1cdfe
Branch filter:
Location: kallithea/docs/usage/locking.rst - annotation
c9cfaeb1cdfe
1.1 KiB
text/prs.fallenstein.rst
tooltips: fix unsafe insertion of userdata into the DOM as html
This fixes js injection in the admin journal ... and probably also in other places.
Tooltips are used both with hardcoded strings (which is safe and simple) and
with user provided strings wrapped in html formatting (which requires careful
escaping before being put into the DOM as html). The templating will
automatically take care of one level of escaping, but here it requires two
levels to do it correctly ... and that was not always done correctly.
Instead, by default, just insert it into the DOM as text, not as html.
The few places where we know the tooltip contains safe html are handled
specially - the element is given the safe-html-title class. That is the case in
file annotation and in display of tip revision in repo lists.
This fixes js injection in the admin journal ... and probably also in other places.
Tooltips are used both with hardcoded strings (which is safe and simple) and
with user provided strings wrapped in html formatting (which requires careful
escaping before being put into the DOM as html). The templating will
automatically take care of one level of escaping, but here it requires two
levels to do it correctly ... and that was not always done correctly.
Instead, by default, just insert it into the DOM as text, not as html.
The few places where we know the tooltip contains safe html are handled
specially - the element is given the safe-html-title class. That is the case in
file annotation and in display of tip revision in repo lists.
aa17c7a1b8a5 aa17c7a1b8a5 8d065db04909 8d065db04909 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 03bbd33bc084 03bbd33bc084 8d065db04909 8d065db04909 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 8d065db04909 8d065db04909 aa17c7a1b8a5 8d065db04909 8d065db04909 | .. _locking:
==================
Repository locking
==================
Kallithea has a ``repository locking`` feature, disabled by default. When
enabled, every initial clone and every pull gives users (with write permission)
the exclusive right to do a push.
When repository locking is enabled, repositories get a ``locked`` state that
can be true or false. The hg/git commands ``hg/git clone``, ``hg/git pull``,
and ``hg/git push`` influence this state:
- A ``clone`` or ``pull`` action on the repository locks it (``locked=true``)
if the user has write/admin permissions on this repository.
- Kallithea will remember the user who locked the repository so only this
specific user can unlock the repo (``locked=false``) by performing a ``push``
command.
- Every other command on a locked repository from this user and every command
from any other user will result in an HTTP return code 423 (Locked).
Additionally, the HTTP error includes the <user> that locked the repository
(e.g., “repository <repo> locked by user <user>”).
Each repository can be manually unlocked by an administrator from the
repository settings menu.
|