Files
@ 81db5704b285
Branch filter:
Location: kallithea/.travis.yml - annotation
81db5704b285
834 B
application/yaml
cleanup: remove unnecessary (and potentially problematic) use of 'literal'
webhelpers.html.literal (kallithea.lib.helpers.literal) is only needed when
the passed string may contain HTML that needs to be interpreted literally.
It is unnecessary for plain strings.
Incorrect usage of literal can lead to XSS issues, via a malicious user
controlling data which will be rendered in other users' browsers. The data
could either be stored previously in the system or be part of a forged URL
the victim clicks on.
For example, when a user browses to a forged URL where a repository
changeset or branch name contains a javascript snippet, the snippet
was executed when printed on the page using 'literal'.
Remaining uses of 'literal' have been reviewed with no apparent problems
found.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
webhelpers.html.literal (kallithea.lib.helpers.literal) is only needed when
the passed string may contain HTML that needs to be interpreted literally.
It is unnecessary for plain strings.
Incorrect usage of literal can lead to XSS issues, via a malicious user
controlling data which will be rendered in other users' browsers. The data
could either be stored previously in the system or be part of a forged URL
the victim clicks on.
For example, when a user browses to a forged URL where a repository
changeset or branch name contains a javascript snippet, the snippet
was executed when printed on the page using 'literal'.
Remaining uses of 'literal' have been reviewed with no apparent problems
found.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 703d3208424c 703d3208424c 703d3208424c 6ccf86ebfd4e 925c77b9d3f1 925c77b9d3f1 925c77b9d3f1 925c77b9d3f1 6ccf86ebfd4e 6ccf86ebfd4e 703d3208424c 703d3208424c 63d3d20cad95 63d3d20cad95 63d3d20cad95 64ee7cf4a76d 63d3d20cad95 63d3d20cad95 63d3d20cad95 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 63d3d20cad95 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 13c0ab8eb343 08af8038e1cc 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 69377d1d7604 | language: python
python:
- "2.6"
- "2.7"
env:
- TEST_DB=sqlite:////tmp/kallithea_test.sqlite
- TEST_DB=mysql://root@127.0.0.1/kallithea_test
- TEST_DB=postgresql://postgres@127.0.0.1/kallithea_test
services:
- mysql
- postgresql
# command to install dependencies
before_script:
- mysql -e 'create database kallithea_test;'
- psql -c 'create database kallithea_test;' -U postgres
- git --version
before_install:
- sudo apt-get remove git
- sudo add-apt-repository ppa:pdoes/ppa -y
- sudo apt-get update -y
- sudo apt-get install git -y
install:
- pip install mysql-python psycopg2 mock unittest2
- pip install . --use-mirrors
# command to run tests
script: nosetests
notifications:
email:
- ci@kallithea-scm.org
irc: "irc.freenode.org#kallithea"
branches:
only:
- master
|