Merge lp:~wgrant/loggerhead/bug-740142 into lp:loggerhead
Status: | Merged |
---|---|
Approved by: | Robert Collins |
Approved revision: | 448 |
Merged at revision: | 442 |
Proposed branch: | lp:~wgrant/loggerhead/bug-740142 |
Merge into: | lp:loggerhead |
Diff against target: | 247 lines (+96/-21), 6 files modified: loggerhead/controllers/view_ui.py (+1/-2), loggerhead/templatefunctions.py (+20/-12), loggerhead/tests/__init__.py (+1/-0), loggerhead/tests/test_simple.py (+7/-3), loggerhead/tests/test_util.py (+33/-0), loggerhead/util.py (+34/-4) |
To merge this branch: | bzr merge lp:~wgrant/loggerhead/bug-740142 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robert Collins | Approve | ||
Review via email: mp+54463@code.launchpad.net |
Commit message
Properly escape filenames throughout loggerhead.
Description of the change
loggerhead.
This branch fixes all the holes I could find after a quickish examination. I've introduced a new html_format function which does safe HTML template formatting. All of loggerhead.
templatefunctions also failed to URL-encode some URL fragments. I can't think of any significant damage that could be done here besides breaking the page, but it was an easy and relevant fix necessary for testing.
Two things...
Firstly, you probably want to copy the xml serialiser regex bzrlib has - it's perf tested (we may render 10K filenames on a single page...).
And have you checked for performance impacts?
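As an added illustration of the kind of fix the description mentions (escape every argument of an HTML template, and URL-encode path fragments before they go into an href), here is a sketch that is not the branch's own code. Only the name `html_format` comes from the page; the function bodies, `html_escape`, `file_link`, `file_link_unsafe`, the single-pass regex and the sample filename are assumptions constructed for this example.

```python
import re
from urllib.parse import quote

# Single-pass escaper: one compiled regex plus a lookup table. Constructed
# for this example; it is not the bzrlib serialiser regex the review mentions.
_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"}
_ESCAPE_RE = re.compile(r"[&<>\"']")


def html_escape(value):
    """Escape text for HTML element content or a quoted attribute value."""
    return _ESCAPE_RE.sub(lambda m: _ESCAPES[m.group(0)], str(value))


def html_format(template, *args):
    """Fill a trusted %s template, escaping every (untrusted) argument."""
    return template % tuple(html_escape(a) for a in args)


def file_link(base_url, path):
    """URL-encode the path for the href, then HTML-escape both insertions."""
    href = base_url.rstrip("/") + "/" + quote(path, safe="/")
    return html_format('<a href="%s">%s</a>', href, path)


def file_link_unsafe(base_url, path):
    """The 'before' pattern: the filename is interpolated into markup raw."""
    return '<a href="%s/%s">%s</a>' % (base_url.rstrip("/"), path, path)


# Constructed sample: a filename containing markup and URL metacharacters.
SAMPLE = 'docs/<b>x & "y"?#.txt'

if __name__ == "__main__":
    print(file_link_unsafe("/files", SAMPLE))  # markup and quotes leak through
    print(file_link("/files", SAMPLE))         # encoded href, escaped link text
```

The template string is the only part treated as trusted markup; everything passed as an argument is escaped, so a caller cannot forget to escape one field.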