2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/847bafa6c4aa/ changeset: 847bafa6c4aa user: dan date: 2012-10-23 17:26:27 summary: HTML escape user defined values in repository grid. affected #: 1 file diff -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a -r 847bafa6c4aa94cb41e87f842081693f7526cf44 lib/galaxy/webapps/community/controllers/repository.py --- a/lib/galaxy/webapps/community/controllers/repository.py +++ b/lib/galaxy/webapps/community/controllers/repository.py @@ -20,6 +20,8 @@ from galaxy import eggs eggs.require('mercurial') from mercurial import hg, ui, patch, commands +eggs.require('markupsafe') +from markupsafe import escape as escape_html log = logging.getLogger( __name__ ) @@ -105,7 +107,7 @@ class RepositoryGrid( grids.Grid ): class NameColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): - return repository.name + return escape_html( repository.name ) class MetadataRevisionColumn( grids.GridColumn ): def __init__( self, col_name ): grids.GridColumn.__init__( self, col_name ) @@ -137,10 +139,10 @@ grids.GridColumn.__init__( self, col_name ) def get_value( self, trans, grid, repository ): """Display the repository tip revision label.""" - return repository.revision + return escape_html( repository.revision ) class DescriptionColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): - return repository.description + return escape_html( repository.description ) class CategoryColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): rval = '<ul>' @@ -161,7 +163,7 @@ class UserColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): if repository.user: - return repository.user.username + return escape_html( repository.user.username ) return 'no user' class EmailColumn( grids.TextColumn ): def filter( self, trans, user, query, column_filter ): https://bitbucket.org/galaxy/galaxy-central/changeset/8f82e2c36ec3/ changeset: 8f82e2c36ec3 user: dan date: 2012-10-23 17:26:27 summary: Tweak for escape_html_add_breaks affected #: 1 file diff -r 847bafa6c4aa94cb41e87f842081693f7526cf44 -r 8f82e2c36ec3da564aa0cdc507adad19e295b317 templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako @@ -1,5 +1,7 @@ <%def name="escape_html_add_breaks( value )"><% + from galaxy import eggs + eggs.require('markupsafe') import markupsafe value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) %> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.