1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/8411a9f30feb/ Changeset: 8411a9f30feb Branch: stable User: dannon Date: 2013-12-19 20:38:03 Summary: Fix workflow import url XSS. Affected #: 1 file diff -r a9a0ac9c1afae8dd0d662c9c800d0228c883c107 -r 8411a9f30feb3a6fd15cecc09809afe2e24b5e79 templates/webapps/galaxy/workflow/import.mako --- a/templates/webapps/galaxy/workflow/import.mako +++ b/templates/webapps/galaxy/workflow/import.mako @@ -31,7 +31,7 @@ <form name="import_workflow" id="import_workflow" action="${h.url_for( controller='workflow', action='import_workflow' )}" enctype="multipart/form-data" method="POST"><div class="form-row"><label>Galaxy workflow URL:</label> - <input type="text" name="url" value="${url}" size="40"> + <input type="text" name="url" value="${url | h}" size="40"><div class="toolParamHelp" style="clear: both;"> If the workflow is accessible via a URL, enter the URL above and click <b>Import</b>. </div> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.