Files
@ df930758dcf7
Branch filter:
Location: kallithea/scripts/pyflakes - annotation
df930758dcf7
1.2 KiB
text/plain
repos: extra HTML escaping of repo and repo group names shown in DataTables
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 abb83e4edfd9 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 abb83e4edfd9 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 51af7c12ffb1 | #!/usr/bin/env python3
"""
pyflakes with filter configuration for Kallithea.
Inspired by pyflakes/api.py and flake8/plugins/pyflakes.py .
"""
import sys
import pyflakes.api
import pyflakes.messages
class Reporter:
warned = False
def flake(self, warning):
# ignore known warnings
if isinstance(warning, pyflakes.messages.UnusedVariable):
return
if warning.filename == 'kallithea/bin/kallithea_cli_ishell.py':
if isinstance(warning, pyflakes.messages.ImportStarUsed) and warning.message_args == ('kallithea.model.db',):
return
if isinstance(warning, pyflakes.messages.UnusedImport) and warning.message_args == ('kallithea.model.db.*',):
return
print('%s:%s %s [%s %s]' % (warning.filename, warning.lineno, warning.message % warning.message_args, type(warning).__name__, warning.message_args))
self.warned = True
def unexpectedError(self, filename, msg):
print('Unexpected error for %s: %s' % (filename, msg))
reporter = Reporter()
for filename in sorted(set(sys.argv[1:])):
pyflakes.api.checkPath(filename, reporter=reporter)
if reporter.warned:
raise SystemExit(1)
|