1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/cf07500dd390/ Changeset: cf07500dd390 User: dannon Date: 2013-12-19 20:38:03 Summary: Fix workflow import url XSS. Affected #: 1 file diff -r 235cd1515a88fc394328a636ca4f08eb5608f3bd -r cf07500dd390b0daed5a266d69f3ca20e92e06e0 templates/webapps/galaxy/workflow/import.mako --- a/templates/webapps/galaxy/workflow/import.mako +++ b/templates/webapps/galaxy/workflow/import.mako @@ -31,7 +31,7 @@ <form name="import_workflow" id="import_workflow" action="${h.url_for( controller='workflow', action='import_workflow' )}" enctype="multipart/form-data" method="POST"><div class="form-row"><label>Galaxy workflow URL:</label> - <input type="text" name="url" value="${url}" size="40"> + <input type="text" name="url" value="${url | h}" size="40"><div class="toolParamHelp" style="clear: both;"> If the workflow is accessible via a URL, enter the URL above and click <b>Import</b>. </div> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.