Google Git
Sign in
melange / soc / 53db8741583e32a1099eadd9824e56006c2609f8
commit53db8741583e32a1099eadd9824e56006c2609f8[log] [tgz]
authorRobert Spier <rspier@google.com>Mon Jul 06 15:28:43 2015 -0700
committerRobert Spier <rspier@google.com>Mon Jul 27 12:28:20 2015 -0700
tree8c27eb10a6d78678db7514a20d5d5ed2100f179a
parent325fb20db1721cc80463e00014777a71aeb4cee1 [diff]
HTML Escape column filter data.

HTML Escape column filter data when it is read back from the the
configuration cookie to prevent potential XSS.

Unwanted side effect: Strings with single quotes won't work properly.  This
is annoying, but because filters are not anchored, you can always filter for
Brian instead of O'Brian.  (For example.)

Change-Id: I821e1ddc9169ff5e5b0434117d887d170bfa627e
1 file changed
tree: 8c27eb10a6d78678db7514a20d5d5ed2100f179a
  1. .editorconfig
  2. .gitignore
  3. .jscsrc
  4. .jshintrc
  5. AUTHORS
  6. Dockerfile
  7. Gruntfile.js
  8. LICENSE-2.0.txt
  9. Makefile
  10. README.md
  11. app/
  12. bootstrap.py
  13. buildout.cfg
  14. configuration/
  15. docs.config
  16. package.json
  17. patches/
  18. pavement.py
  19. pylintrc
  20. scripts/
  21. seeder/
  22. setup.cfg
  23. setup.py
  24. testem.json
  25. tests/
  26. thirdparty/
README.md

Melange -- Spice of Creation