Files
@ df930758dcf7
Branch filter:
Location: kallithea/docs/api/models.rst - annotation
df930758dcf7
511 B
text/prs.fallenstein.rst
repos: extra HTML escaping of repo and repo group names shown in DataTables
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
64a5386216c5 bb35ad076e2f 17c9393e9645 22a3fa3c4254 bb35ad076e2f bb35ad076e2f 7e5f8c12a3fc bb35ad076e2f 8b8edfc25856 7e5f8c12a3fc 9da24750f563 8b8edfc25856 7e5f8c12a3fc bb35ad076e2f 9da24750f563 7e5f8c12a3fc 8b8edfc25856 bb35ad076e2f 499c513967a1 9da24750f563 8b8edfc25856 7e5f8c12a3fc bb35ad076e2f 8b8edfc25856 7e5f8c12a3fc 8b8edfc25856 8b8edfc25856 499c513967a1 8b8edfc25856 | .. _models:
========================
The :mod:`models` module
========================
.. automodule:: kallithea.model
:members:
.. automodule:: kallithea.model.comment
:members:
.. automodule:: kallithea.model.permission
:members:
.. automodule:: kallithea.model.repo
:members:
.. automodule:: kallithea.model.repo_group
:members:
.. automodule:: kallithea.model.scm
:members:
.. automodule:: kallithea.model.user
:members:
.. automodule:: kallithea.model.user_group
:members:
|