tvl-depot/web/panettone
sterni 7e408c874a fix(panettone): escape value attr of inputs if dynamic content
I checked all :value attributes in panettone.lisp and wrapped them with
who:escape-string if their values come from user-influenced places. Static
values or values from panettone internals are left as is.

I did not do a comprehensive check for other places where something
similar could happen, though.

Fixes #92.

Change-Id: I134acc0d2f025f173588b37c19a93589365e879b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2401
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2021-01-25 20:11:58 +00:00
src fix(panettone): escape value attr of inputs if dynamic content 2021-01-25 20:11:58 +00:00
test feat(web/panettone): Log when users change issue statuses 2020-07-31 02:05:49 +00:00
.envrc feat(web/panettone): Add dev helpers for postgres db 2020-07-26 21:55:41 +00:00
.gitignore chore(web/panettone): ignore .fasl files 2020-07-26 20:12:37 +00:00
default.nix feat(panettone): Bring back + fix irccat issue creation announcement 2020-11-22 18:57:44 +00:00
docker-compose.yml feat(web/panettone): Add dev helpers for postgres db 2020-07-26 21:55:41 +00:00
OWNERS feat(web/panettone): The start of a very simple issue tracker 2020-07-23 19:47:38 +00:00
panettone.asd feat(web/panettone): Add initial styles 2020-07-23 22:20:00 +00:00
shell.nix feat(web/panettone): Add dev helpers for postgres db 2020-07-26 21:55:41 +00:00