commit | 53db8741583e32a1099eadd9824e56006c2609f8 | |
---|---|---|
author | Robert Spier <rspier@google.com> | Mon Jul 06 15:28:43 2015 -0700 |
committer | Robert Spier <rspier@google.com> | Mon Jul 27 12:28:20 2015 -0700 |
tree | 8c27eb10a6d78678db7514a20d5d5ed2100f179a | |
parent | 325fb20db1721cc80463e00014777a71aeb4cee1 |
HTML Escape column filter data.

HTML Escape column filter data when it is read back from the configuration cookie to prevent potential XSS.

Unwanted side effect: Strings with single quotes won't work properly. This is annoying, but because filters are not anchored, you can always filter for Brian instead of O'Brian. (For example.)

Change-Id: I821e1ddc9169ff5e5b0434117d887d170bfa627e
Melange -- Spice of Creation
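
The escaping and the single-quote side effect described in the commit message, as an added JavaScript example that is not code from this commit or from Melange. The function names, the JSON cookie layout and the sample values are assumptions.

```javascript
// Added example. The function names, the JSON cookie layout and all sample
// values are assumptions made for illustration; none come from the commit.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every HTML-significant character, single quotes included.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read {"column": "filter text"} from a URI-encoded cookie value and escape
// each filter string on the way in, before anything can write it to the page.
function readFiltersFromCookie(cookieValue) {
  let parsed;
  try {
    parsed = JSON.parse(decodeURIComponent(cookieValue));
  } catch (err) {
    return {}; // malformed cookie: behave as if no filters were saved
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return {};
  const filters = {};
  for (const [column, text] of Object.entries(parsed)) {
    if (typeof text === 'string') filters[column] = escapeHtml(text);
  }
  return filters;
}

// Unanchored substring match: the filter may hit anywhere in the cell text.
function rowMatches(cellText, filterText) {
  return cellText.toLowerCase().includes(filterText.toLowerCase());
}

// Constructed cookie: one filter with markup in it, one with a single quote.
const cookie = encodeURIComponent(JSON.stringify({
  org: '<b onmouseover="x()">acme</b>',
  name: "O'Brian",
}));
const saved = readFiltersFromCookie(cookie);
console.log(saved.org);   // markup arrives as inert text
console.log(saved.name);  // the quote is now an entity
console.log(rowMatches("Conan O'Brian", saved.name)); // side effect: no match
console.log(rowMatches("Conan O'Brian", 'Brian'));    // workaround: match
```

Escaping at read time changes the stored filter string itself, which is why a filter containing a single quote stops matching the cell text while the unquoted substring still matches.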