Merge lp:~vauxoo/openobject-server/7.0-backport_new_html_sanitize into lp:openobject-server/7.0
| Status: | Needs review |
|---|---|
| Proposed branch: | lp:~vauxoo/openobject-server/7.0-backport_new_html_sanitize |
| Merge into: | lp:openobject-server/7.0 |
| Diff against target: | 135 lines (+90/-14), 1 file modified: openerp/tools/mail.py (+90/-14) |
| To merge this branch: | bzr merge lp:~vauxoo/openobject-server/7.0-backport_new_html_sanitize |
| Related bugs: | |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Olivier Dony (Odoo) | (surface scan) | Pending | |

Review via email: mp+186367@code.launchpad.net
This proposal supersedes a proposal from 2013-09-18.
Description of the change
Overwritten method html_sanitizer from tools, to add 3 new features:
1) Avoid rendering a link to hosts that are not allowed; for this we add a new configuration with a host allow list in the ir.configuration model
2) Avoid rendering a link with a scheme that is not allowed; also added a list of allowed schemes, like https, in the ir.configuration model
3) Backport new features from the trunk branch
Unmerged revisions
- 5083. By Jose Antonio Morales Ponce (vauxoo) - http://www.vauxoo.com

  [IMP]
- 5082. By Jose Antonio Morales Ponce (vauxoo) - http://www.vauxoo.com

  [IMP] Added inspect to know the elements for method allowed
- 5081. By Jose Antonio Morales Ponce (vauxoo) - http://www.vauxoo.com

  [IMP] Change eval for safe_eval to better the code
- 5080. By Jose Antonio Morales Ponce (vauxoo) - http://www.vauxoo.com

  [IMP] Avoid applying eval if the configuration does not exist
- 5079. By Jose Antonio Morales Ponce (vauxoo) - http://www.vauxoo.com

  [IMP] Overwritten method html_sanitizer from tools, to add 3 new features:
  1) Avoid rendering a link to hosts that are not allowed; for this we add a new configuration with a host allow list in the ir.configuration model
  2) Avoid rendering a link with a scheme that is not allowed; also added a list of allowed schemes, like https, in the ir.configuration model
  3) Backport new features from the trunk branch
- 5078. By Jose Antonio Morales Ponce (vauxoo) - http://www.vauxoo.com

  [IMP] Backport from trunk to add new features in html_sanitize method
Thanks for the proposal!
Assuming this MP is targeted to 7.0, you need to re-submit it with the correct target branch, which will solve the huge diff/conflicts problem.
Now, based on the summary and diff it seems more like an improvement/new feature than a bugfix, so it should actually be for trunk and not for 7.0.
Note: calling the normal eval() on a user-provided string is very dangerous; you should use ast.literal_eval or safe_eval.expr_eval.
Thanks,
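
The review note on eval() and the two allow lists from the description, as an added example that is not part of this merge proposal, the review, or OpenERP's code: the stored allow-list string is parsed with ast.literal_eval, and a link is kept only when both its scheme and its host are on the lists. The function names, the string format of the stored value, the sample hosts and the use of Python 3's urllib.parse are assumptions.

```python
import ast
from urllib.parse import urlsplit

HOSTLESS_SCHEMES = {"mailto", "tel"}  # schemes with no host to check (assumption)

def parse_allow_list(raw):
    """Parse a stored value such as "['https', 'mailto']" without eval()."""
    if not raw:
        return frozenset()  # no configuration stored: nothing is allowed
    try:
        # literal_eval accepts only literals: no calls, names or attribute access
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError):
        raise ValueError("allow list is not a plain literal: %r" % (raw,))
    if not isinstance(value, (list, tuple, set)):
        raise ValueError("allow list must be a list, tuple or set")
    if not all(isinstance(item, str) for item in value):
        raise ValueError("allow list entries must be strings")
    return frozenset(item.strip().lower() for item in value)

def link_allowed(href, schemes, hosts):
    """Return True only if href uses an allowed scheme and an allowed host."""
    parts = urlsplit(href.strip())
    scheme = parts.scheme.lower()
    if scheme not in schemes:
        return False  # also rejects relative and scheme-less ("//host") links
    if scheme in HOSTLESS_SCHEMES:
        return True
    # hostname is lower-cased and excludes userinfo and port
    return (parts.hostname or "") in hosts

if __name__ == "__main__":
    # Constructed sample configuration and links
    schemes = parse_allow_list("['https', 'mailto']")
    hosts = parse_allow_list("['www.example.com']")
    for href in ("https://www.example.com/doc",
                 "https://www.example.com@other.example/doc",
                 "javascript:void(0)",
                 "mailto:info@example.com"):
        print(href, "->", "keep" if link_allowed(href, schemes, hosts) else "drop")
```

An empty or missing configuration yields an empty allow list, so every link is dropped rather than every link being kept.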