Branch: refs/heads/dev Home: https://github.com/galaxyproject/galaxy Commit: 7dcc7a5af007483dc18a139ded42474d1f690d39 https://github.com/galaxyproject/galaxy/commit/7dcc7a5af007483dc18a139ded424... Author: Eric Rasche <rasche.eric@gmail.com> Date: 2016-04-22 (Fri, 22 Apr 2016) Changed paths: M client/galaxy/scripts/mvc/form/form-input.js M static/maps/mvc/form/form-input.js.map M static/scripts/bundled/analysis.bundled.js M static/scripts/bundled/analysis.bundled.js.map M static/scripts/bundled/libs.bundled.js.map M static/scripts/mvc/form/form-input.js M templates/webapps/galaxy/workflow/display.mako M templates/webapps/galaxy/workflow/run.mako Log Message: ----------- Fixes #2230 This sanitizes some instances where tool parameters were included directly into the DOM. workflow/run.mako displayed the parameter as a value in a hidden input. This was base64 encoded as there was no better solution apparent at the time. I'm not sure where this parameter is POSTed to but we should figure that out and b64decode it, or remove the hidden parameter. client/... added the parameter value into the DOM. This was easily sanitized using a standard method. workflow/display.mako included the parameter value directly into the HTML. This was cgi.esacped Commit: 1243bd5eb20083c9832d0bb6dbe1c5830c480ff7 https://github.com/galaxyproject/galaxy/commit/1243bd5eb20083c9832d0bb6dbe1c... Author: Aysam Guerler <aysam.guerler@gmail.com> Date: 2016-04-22 (Fri, 22 Apr 2016) Changed paths: M client/galaxy/scripts/mvc/form/form-input.js M static/maps/mvc/form/form-input.js.map M static/scripts/bundled/analysis.bundled.js M static/scripts/bundled/analysis.bundled.js.map M static/scripts/bundled/libs.bundled.js.map M static/scripts/mvc/form/form-input.js M templates/webapps/galaxy/workflow/display.mako M templates/webapps/galaxy/workflow/run.mako Log Message: ----------- Merge pull request #2231 from erasche/fix-2230 Fixes #2230 Compare: https://github.com/galaxyproject/galaxy/compare/46585014c09b...1243bd5eb200