[Buildbot-commits] [buildbot/buildbot] a20cfe: Fix XSS holes in /console

noreply at github.com noreply at github.com
Sat Oct 2 01:03:09 UTC 2010 

Branch: refs/heads/buildbot-0.8.0
Home:   http://github.com/buildbot/buildbot

Commit: a20cfe078a31eabded5cf1b62ded28d1009518b1
    http://github.com/buildbot/buildbot/commit/a20cfe078a31eabded5cf1b62ded28d1009518b1
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M buildbot/status/web/templates/console.html

Log Message:
-----------
Fix XSS holes in /console

backported from master:
  5d5165652d96ad7a91a267ab9fe1adcdc67b414e


Commit: f20d843ea2e0775579c3aa64a52b5b28b90d3099
    http://github.com/buildbot/buildbot/commit/f20d843ea2e0775579c3aa64a52b5b28b90d3099
Author: Amber Yust <ayust at yelp.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M buildbot/status/web/templates/console.html

Log Message:
-----------
Don't need to double-escape comments.

changecomment already handles escaping for us.

backport of
  6499d21fc58b294a9f08df74eb6710d1a63cd67d


Commit: 03078f33382428ed325272aca84b458357d9aebe
    http://github.com/buildbot/buildbot/commit/03078f33382428ed325272aca84b458357d9aebe
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M buildbot/status/web/templates/console.html

Log Message:
-----------
Back off some escaping on things that were verified as safe.

backport of
  200bb6227cc0bfcdbbeb530b3d7ac82ffc6090c4


Commit: 915d6cbe4455cf090b4bc81c502436ecfd256a9a
    http://github.com/buildbot/buildbot/commit/915d6cbe4455cf090b4bc81c502436ecfd256a9a
Author: Amber Yust <ayust at yelp.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M buildbot/status/web/base.py

Log Message:
-----------
Use cgi.escape for comment escaping.

jinja2.escape escapes too much (quote marks) for things
that aren't going to be placed in attribute values.

backport of
  e326c445bb0cf2fd0e27cafe0e561ea7163a1267


Commit: cff8990ca606b971361bedac5a87c294ad77b4c1
    http://github.com/buildbot/buildbot/commit/cff8990ca606b971361bedac5a87c294ad77b4c1
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M buildbot/status/web/base.py

Log Message:
-----------
escape parts of comments correctly

A change comment gets broken up into (a) unmatched text and (b) matched
text, where the unmatched text must be escaped and the matched text
needs to be properly escaped *after* expanding match groups.

backport of
  21d74603ed7999c9b8801566e8a865e017df70b1


Commit: c8bcce872a152fdc10d0a479ab58e9a59c9a71ef
    http://github.com/buildbot/buildbot/commit/c8bcce872a152fdc10d0a479ab58e9a59c9a71ef
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M NEWS
  M buildbot/__init__.py

Log Message:
-----------
Bump version number to 0.8.0p1, edit NEWS

More information about the Commits mailing list