~juliank/autopkgtest-cloud:escape-url

Branch merges

Propose for merging

Merged into autopkgtest-cloud:master at revision 7c4c16e353154142b22713210817c163954f26fb

Ubuntu Release Team: Pending requested 2019-09-08

Diff: 22 lines (+2/-2)

1 file modified

webcontrol/request/app.py (+2/-2)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

5714b72... by Julian Andres Klode on 2019-09-10

webcontrol/request/app.py: Call str() on message in invalid()

invalid() can be called with an exception, so we need to convert
it to a string before passing it to html.escape.

b72fe7e... by Julian Andres Klode on 2019-09-10

webcontrol/request/app.py: Use html.escape instead of flask.escape

We don't really make use of Markup class, and this renders lists
of escaped values poorly, so let's switch to html.escape which
returns a str.

4e3c425... by Julian Andres Klode on 2019-09-10

webcontrol/request/app.py: Only escape values that are True-ish

We previously escaped stuff like None, which was not very
helpful, because we ended up with a Markup("None"), which
then evaluated to True later on.

This was causing issues for the nick case, because the nick was
submitted to launchpad for permission checking if it was not None,
which it was not anymore.

0247ca0... by Julian Andres Klode on 2019-09-09

webcontrol/request/app.py: Escape all arguments

Make sure we escape all arguments before working on them.

7401694... by Julian Andres Klode on 2019-09-09

webcontrol/request/app.py: Escape error messages and usernames

This prevents us from writing out HTML with data we have not
yet verified.

7c4c16e... by Alex Murray on 2019-09-03

webcontrol/request/app.py: Escape request URL to avoid XSS

de5bbf0... by Graham Inggs on 2019-09-05

Add mkl-dnn to big_packages on x86

9237bba... by Michael Hudson-Doyle on 2019-09-04

add cross-toolchain-base-mipsen to big_packages

8a69926... by Iain Lane on 2019-09-02

worker: makedumpfile is killing workers with a tar related error

I'm not sure exactly what's going on and/or why this is only manifesting
on s390x, but I think it's something to be investigated in the SRU
rather than on our side here.

7acbffa... by Dan Streetman on 2019-08-27

webcontrol/request/submit: allow = in value of env var

This allows systemd upstream to submit meson key-value params in the
CONFFLAGS_UPSTREAM variable, as described in:
https://github.com/systemd/systemd/pull/13399