2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/1034c973ec1d/ Changeset: 1034c973ec1d Branch: next-stable User: guerler Date: 2014-12-01 17:52:01+00:00 Summary: Pages: Sanitize name column in items grid Affected #: 1 file diff -r 4569b8f31c883e6f38f6b04c665f93cb2af534ee -r 1034c973ec1d2ce424f711d750ecc6de582d02aa lib/galaxy/webapps/galaxy/controllers/page.py --- a/lib/galaxy/webapps/galaxy/controllers/page.py +++ b/lib/galaxy/webapps/galaxy/controllers/page.py @@ -8,6 +8,7 @@ from galaxy import util from galaxy.util.sanitize_html import sanitize_html, _BaseHTMLProcessor from galaxy.util.json import loads +from markupsafe import escape def format_bool( b ): if b: @@ -89,9 +90,9 @@ class NameColumn( grids.TextColumn ): def get_value(self, trans, grid, item): if hasattr( item, "get_display_name" ): - return item.get_display_name() + return escape(item.get_display_name()) else: - return item.name + return escape(item.name) # Grid definition. show_item_checkboxes = True https://bitbucket.org/galaxy/galaxy-central/commits/5393f6389105/ Changeset: 5393f6389105 User: guerler Date: 2014-12-01 17:52:17+00:00 Summary: Merge Affected #: 1 file diff -r d094b6d5953c1379a69050d4cadef03c55413f06 -r 5393f6389105d22bc8791f908075c152f11a4d2e lib/galaxy/webapps/galaxy/controllers/page.py --- a/lib/galaxy/webapps/galaxy/controllers/page.py +++ b/lib/galaxy/webapps/galaxy/controllers/page.py @@ -8,6 +8,7 @@ from galaxy import util from galaxy.util.sanitize_html import sanitize_html, _BaseHTMLProcessor from galaxy.util.json import loads +from markupsafe import escape def format_bool( b ): if b: 
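Review bot: In the second hunk (`NameColumn.get_value`), `escape(item.name)` and `escape(item.get_display_name())` turn a missing name into the literal text `None`, because markupsafe's `escape` stringifies whatever it receives, whereas the old code returned `None` itself. If an item can reach the grid without a name, guard the call, for example `return escape(item.name) if item.name is not None else None`, or use markupsafe's `escape_silent`, which maps `None` to an empty string. The fix covers only this one column; other grid columns that render user-supplied strings are not visible here and may need the same treatment, so escaping where the grid writes cell values would be sturdier than per-column calls. A short comment such as `# name is user-supplied; escape it before the grid renders it as HTML` would stop the call from being dropped in a later cleanup. The class that encloses `NameColumn` starts and ends outside the hunk, and the merge changeset 5393f6389105 repeats the same hunk unchanged.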
@@ -89,9 +90,9 @@ class NameColumn( grids.TextColumn ): def get_value(self, trans, grid, item): if hasattr( item, "get_display_name" ): - return item.get_display_name() + return escape(item.get_display_name()) else: - return item.name + return escape(item.name) # Grid definition. show_item_checkboxes = True Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.