Google Git
Sign in
melange / soc / 53db8741583e32a1099eadd9824e56006c2609f8
commit53db8741583e32a1099eadd9824e56006c2609f8[log] [tgz]
authorRobert Spier <rspier@google.com>Mon Jul 06 15:28:43 2015 -0700
committerRobert Spier <rspier@google.com>Mon Jul 27 12:28:20 2015 -0700
tree8c27eb10a6d78678db7514a20d5d5ed2100f179a
parent325fb20db1721cc80463e00014777a71aeb4cee1 [diff]
HTML Escape column filter data.

HTML Escape column filter data when it is read back from the the
configuration cookie to prevent potential XSS.

Unwanted side effect: Strings with single quotes won't work properly.  This
is annoying, but because filters are not anchored, you can always filter for
Brian instead of O'Brian.  (For example.)

Change-Id: I821e1ddc9169ff5e5b0434117d887d170bfa627e
1 file changed
tree: 8c27eb10a6d78678db7514a20d5d5ed2100f179a
  1. app/
  2. configuration/
  3. patches/
  4. scripts/
  5. seeder/
  6. tests/
  7. thirdparty/
  8. .editorconfig
  9. .gitignore
  10. .jscsrc
  11. .jshintrc
  12. AUTHORS
  13. bootstrap.py
  14. buildout.cfg
  15. Dockerfile
  16. docs.config
  17. Gruntfile.js
  18. LICENSE-2.0.txt
  19. Makefile
  20. package.json
  21. pavement.py
  22. pylintrc
  23. README.md
  24. setup.cfg
  25. setup.py
  26. testem.json
README.md

Melange -- Spice of Creation