commit/galaxy-central: dannon: Prevent reflective XSS through message display.
1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/96871214fe2f/ changeset: 96871214fe2f user: dannon date: 2012-09-19 16:32:19 summary: Prevent reflective XSS through message display. affected #: 1 file diff -r 70b60fd07d6a0ab6889c79a9518fd894e13f9c8d -r 96871214fe2f962004decde001de94d1ba827e94 templates/message.mako --- a/templates/message.mako +++ b/templates/message.mako @@ -82,12 +82,12 @@ ## Render large message. <%def name="render_large_message( message, status )"> - <div class="${status}messagelarge" style="margin: 1em">${_(message)}</div> + <div class="${status}messagelarge" style="margin: 1em">${_(message) | h}</div></%def> ## Render a message <%def name="render_msg( msg, status='done' )"> - <div class="${status}message">${_(msg)}</div> + <div class="${status}message">${_(msg) | h}</div><br/></%def> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
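Review bot: `${status}` is still interpolated unescaped into the `class` attribute in both `render_large_message` and `render_msg`, so if `status` can ever be taken from the request along with the message text, the attribute remains an injection point after this change. Consider `${status | h}` there, or check `status` against a fixed set of allowed values (the default shown is `'done'`) before rendering. It is also worth auditing callers that pass intentional markup in `message` or `msg`, since with `| h` applied that markup will now be displayed as literal text.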