kallithea Changeset - 8d76245daefa

Changeset - 8d76245daefa

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Andrew Shadura - 11 years ago 2015-02-11 20:38:12
andrew@shadura.me

feed: urlify and escape the commit description

This prevents HTML injections and also makes URLs clickable.

1 file changed with 1 insertions and 1 deletions:

kallithea/controllers/feed.py

0 comments (0 inline, 0 general)

kallithea/controllers/feed.py

➞

Show inline comments

@@ @@ -98,25 +98,25 @@ class FeedController(BaseRepoController) @@
         if h.is_hg(c.db_repo_scm_instance):
             for book in cs.bookmarks:
                 desc_msg.append('bookmark: %s<br/>' % book)
         for tag in cs.tags:
             desc_msg.append('tag: %s<br/>' % tag)
         diff_processor, changes = self.__changes(cs)
         # rev link
         _url = h.canonical_url('changeset_home', repo_name=c.db_repo.repo_name,
                    revision=cs.raw_id)
         desc_msg.append('changeset: <a href="%s">%s</a>' % (_url, cs.raw_id[:8]))
         desc_msg.append('<pre>')
         desc_msg.append(cs.message)
+        desc_msg.append(h.urlify_text(cs.message))
         desc_msg.append('\n')
         desc_msg.extend(changes)
         if self.include_diff:
             desc_msg.append('\n\n')
             desc_msg.append(diff_processor.as_raw())
         desc_msg.append('</pre>')
         return map(safe_unicode, desc_msg)
     def atom(self, repo_name):
         """Produce an atom-1.0 feed via feedgenerator module"""
         @cache_region('long_term')

0 comments (0 inline, 0 general)