Merge lp:~sinzui/launchpad/product-release-file-api into lp:launchpad/db-devel
Proposed by Curtis Hovey on 2010-03-01
| Status: | Merged |
|---|---|
| Approved by: | Tim Penhey on 2010-03-01 |
| Approved revision: | no longer in the source branch. |
| Merged at revision: | not available |
| Proposed branch: | lp:~sinzui/launchpad/product-release-file-api |
| Merge into: | lp:launchpad/db-devel |
| Diff against target: | 33 lines (+11/-1), 2 files modified: lib/canonical/launchpad/doc/tales.txt (+10/-0), lib/canonical/launchpad/webapp/tales.py (+1/-1) |
| To merge this branch: | bzr merge lp:~sinzui/launchpad/product-release-file-api |
| Related bugs: | |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Tim Penhey (community) | release-critical | | Approve on 2010-03-01 |
| Brad Crittenden (community) | code | 2010-03-01 | Approve on 2010-03-01 |

This is my branch to secure <ProductReleaseFile>/fmt:link.
lp:~sinzui/launchpad/product-release-file-api
Diff size: 34
Launchpad bug: https://bugs.launchpad.net/bugs/529370
Pre-implementation: no one.
Test command: ./bin/test -vv -t doc/tales.txt
Target release: 10.02
Secure <ProductReleaseFile>/fmt:link
------------------------------------
ProductReleaseFileFormatterAPI.link injects ProductReleaseFile.description
into a title attribute without any escaping.
Rules
-----
* Update the tales link formatter for ProductReleaseFile to escape the
description.
QA
--
* Upload a file and set the description to:
<script>window.alert('xss attack')</script>
* Verify when viewing the file on the release or download page that
you do not get a popup, instead you see the text when you hover over
the file link.
Lint
----
Linting changed files:
lib/canonical/launchpad/doc/tales.txt
lib/canonical/launchpad/webapp/tales.py
Test
----
* lib/canonical/launchpad/doc/tales.txt
Added a test to verify that the description is escaped in the
link's title attribute.
Implementation
--------------
* lib/canonical/launchpad/webapp/tales.py
Used cgi.escape() to create a safe description that can be placed
in the title of a link to download the file.
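An added example, not code from this branch or from Launchpad, showing the unescaped link pattern the proposal describes beside an escaped one, and checking that the QA description above renders as inert text in the title attribute. The ProductReleaseFile fields, filename and URL are assumed; html.escape stands in for the Python 2 cgi.escape named in the proposal.

```python
"""Escaping a ProductReleaseFile description before it lands in a link's
title attribute.  Hypothetical stand-in for the Launchpad formatter."""
import html
from dataclasses import dataclass


@dataclass
class ProductReleaseFile:
    # Stand-in for the Launchpad content object; field names are assumed.
    filename: str
    description: str
    url: str


def link_unescaped(release_file: ProductReleaseFile) -> str:
    """The pattern the proposal fixes: description interpolated raw."""
    return '<a href="%s" title="%s">%s</a>' % (
        release_file.url, release_file.description, release_file.filename)


def link_escaped(release_file: ProductReleaseFile) -> str:
    """Hardened version.  cgi.escape() is Python 2 only; html.escape() is
    its modern equivalent.  quote=True is needed in attribute context so a
    double quote in the description cannot close the title attribute
    (cgi.escape defaulted to quote=False, which left quotes untouched)."""
    return '<a href="%s" title="%s">%s</a>' % (
        html.escape(release_file.url, quote=True),
        html.escape(release_file.description, quote=True),
        html.escape(release_file.filename, quote=True))


def title_is_inert(markup: str) -> bool:
    """True when the only tags in the markup are the anchor's own open and
    close tags, i.e. the description introduced no elements of its own."""
    return markup.count("<") == 2 and markup.count(">") == 2


# Constructed sample using the description from the proposal's QA step.
QA_FILE = ProductReleaseFile(
    filename="example-1.0.tar.gz",
    description="<script>window.alert('xss attack')</script>",
    url="https://launchpad.example/+download/example-1.0.tar.gz")

if __name__ == "__main__":
    print(link_unescaped(QA_FILE))  # description becomes live markup
    print(link_escaped(QA_FILE))    # description shows as hover text only
```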