Commit [184365] master History

[#6604] escape < to \u003C in JSON to ensure it cannot be parsed as HTML and be subject to XSS

Dave Brondsema Dave Brondsema 2013-08-26

Cory Johns Cory Johns 2013-08-26

Browse code at this revision

Parent(s): [e42b20]

Child(ren): [69db59]

changed Allura/allura/lib/patches.py
changed ForgeWiki/forgewiki/tests/functional/test_rest.py
Allura/allura/lib/patches.py Diff Switch to side-by-side view
Loading...
ForgeWiki/forgewiki/tests/functional/test_rest.py Diff Switch to side-by-side view
Loading...