Files
@ df930758dcf7
Branch filter:
Location: kallithea/.coveragerc - annotation
df930758dcf7
1.1 KiB
text/plain
repos: extra HTML escaping of repo and repo group names shown in DataTables
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
7790b34a0cef 7790b34a0cef 7790b34a0cef 7790b34a0cef 7790b34a0cef 7790b34a0cef ddee465a345a 7790b34a0cef 7790b34a0cef 7790b34a0cef 7790b34a0cef 7790b34a0cef 7790b34a0cef 0acb46763886 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 4b241f198cf2 0acb46763886 0acb46763886 0acb46763886 0acb46763886 | [run]
omit =
# the bin scripts are not part of the Kallithea web app
kallithea/bin/*
# we ship with no active extensions
kallithea/config/rcextensions/*
# dbmigrate is not a part of the Kallithea web app
kallithea/lib/dbmigrate/*
# the tests themselves should not be part of the coverage report
kallithea/tests/*
# the scm hooks are not run in the kallithea process
kallithea/config/post_receive_tmpl.py
kallithea/config/pre_receive_tmpl.py
# same omit lines should be present in sections 'run' and 'report'
[report]
omit =
# the bin scripts are not part of the Kallithea web app
kallithea/bin/*
# we ship with no active extensions
kallithea/config/rcextensions/*
# dbmigrate is not a part of the Kallithea web app
kallithea/lib/dbmigrate/*
# the tests themselves should not be part of the coverage report
kallithea/tests/*
# the scm hooks are not run in the kallithea process
kallithea/config/post_receive_tmpl.py
kallithea/config/pre_receive_tmpl.py
[paths]
source =
kallithea/
**/workspace/*/kallithea
|