kallithea Changeset - 8d76245daefa

Changeset - 8d76245daefa

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Andrew Shadura - 11 years ago 2015-02-11 20:38:12
andrew@shadura.me

feed: urlify and escape the commit description

This prevents HTML injections and also makes URLs clickable.

1 file changed with 1 insertions and 1 deletions:

kallithea/controllers/feed.py

0 comments (0 inline, 0 general)

kallithea/controllers/feed.py

➞

Show inline comments

@@ @@ -107,7 +107,7 @@ class FeedController(BaseRepoController) @@
         desc_msg.append('changeset: <a href="%s">%s</a>' % (_url, cs.raw_id[:8]))
         desc_msg.append('<pre>')
         desc_msg.append(cs.message)
+        desc_msg.append(h.urlify_text(cs.message))
         desc_msg.append('\n')
         desc_msg.extend(changes)
         if self.include_diff:

0 comments (0 inline, 0 general)