[Buildbot-commits] [buildbot/buildbot] fbd1f2: Fix XSS holes in /console

noreply at github.com noreply at github.com
Sat Oct 2 01:03:10 UTC 2010 

Branch: refs/heads/buildbot-0.8.1
Home:   http://github.com/buildbot/buildbot

Commit: fbd1f22de582c1e702401449bdc5762d35d163d5
    http://github.com/buildbot/buildbot/commit/fbd1f22de582c1e702401449bdc5762d35d163d5
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M master/buildbot/status/web/templates/console.html

Log Message:
-----------
Fix XSS holes in /console

backport of
  5d5165652d96ad7a91a267ab9fe1adcdc67b414e


Commit: 5379782be141be8fdeeecf40c05d7224a60b0bc3
    http://github.com/buildbot/buildbot/commit/5379782be141be8fdeeecf40c05d7224a60b0bc3
Author: Amber Yust <ayust at yelp.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M master/buildbot/status/web/templates/console.html

Log Message:
-----------
Don't need to double-escape comments.

changecomment already handles escaping for us.

backport of
  6499d21fc58b294a9f08df74eb6710d1a63cd67d


Commit: 246ec1b957fb5712c3590b2c6eadeb175e08cd34
    http://github.com/buildbot/buildbot/commit/246ec1b957fb5712c3590b2c6eadeb175e08cd34
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M master/buildbot/status/web/templates/console.html

Log Message:
-----------
Back off some escaping on things that were verified as safe.

backport of
  200bb6227cc0bfcdbbeb530b3d7ac82ffc6090c4


Commit: adb6dca2da0cbe8bdf594eac2b184b0e5cf2c4b5
    http://github.com/buildbot/buildbot/commit/adb6dca2da0cbe8bdf594eac2b184b0e5cf2c4b5
Author: Amber Yust <ayust at yelp.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M master/buildbot/status/web/base.py

Log Message:
-----------
Use cgi.escape for comment escaping.

jinja2.escape escapes too much (quote marks) for things
that aren't going to be placed in attribute values.

backport of
  e326c445bb0cf2fd0e27cafe0e561ea7163a1267


Commit: dc114ccab33e2076ea537082bcd22467913c83f2
    http://github.com/buildbot/buildbot/commit/dc114ccab33e2076ea537082bcd22467913c83f2
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M master/buildbot/status/web/base.py

Log Message:
-----------
escape parts of comments correctly

A change comment gets broken up into (a) unmatched text and (b) matched
text, where the unmatched text must be escaped and the matched text
needs to be properly escaped *after* expanding match groups.

backport of
  21d74603ed7999c9b8801566e8a865e017df70b1


Commit: 4a5b02b7939de18cf424c6882af0b5d6c15678b9
    http://github.com/buildbot/buildbot/commit/4a5b02b7939de18cf424c6882af0b5d6c15678b9
Author: Dustin J. Mitchell <dustin at zmanda.com>
Date:   2010-10-01 (Fri, 01 Oct 2010)

Changed paths:
  M master/NEWS
  M master/buildbot/__init__.py
  M slave/NEWS
  M slave/buildslave/__init__.py

Log Message:
-----------
Bump version to 0.8.1p1 and update NEWS

More information about the Commits mailing list