mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/web
History
sterni 7e408c874a fix(panettone): escape value attr of inputs if dynamic content 
I checked all :value attributes in panettone.lisp and wrapped them with
who:escape-string if its value comes from user-influenced places. Static
values or values from panettone internals are left as is.

I did not do a comprehensive check for other places where something
similar could happen though.

Fixes #92.

Change-Id: I134acc0d2f025f173588b37c19a93589365e879b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2401
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-25 20:11:58 +00:00
..
cgit-taz feat(camden): Move cgit to code.tvl.fyi 2020-06-12 01:14:21 +00:00
panettone fix(panettone): escape value attr of inputs if dynamic content 2021-01-25 20:11:58 +00:00
todolist feat(todolist): use static slapd user data for knownUsers 2021-01-18 23:18:55 +00:00
tvl chore(users/multi): remove user from the depot. 2021-01-23 21:13:39 +00:00