Location: kallithea/kallithea/templates/password_reset_confirmation.html - annotation
e965ff6f8cb3
2.1 KiB
text/html
setup: avoid bleach 3.1.4 for now - it seems to deliberately cause regressions
See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.
It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:
>>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
Expected:
'<p><img id="a" src="http://example.com/test.jpg" style="color: red;"></p>'
Got:
'<p><img id="a" src="http://example.com/test.jpg" style=""></p>'
Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.
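The result the doctest in the commit message expects (keep `color`, drop `margin-top`) can be reproduced with a per-declaration allowlist filter. This is an added example, not code from Kallithea or bleach: `filter_style`, the property allowlist and the `fail_closed` switch are assumptions made for illustration. Parsing uses string splitting and a single character-class match, so run time stays linear in the input length.

```python
import re

# Assumption for this example: the only CSS properties a renderer lets through.
ALLOWED_PROPERTIES = frozenset(
    {"color", "background-color", "font-weight", "text-align"}
)

# Values may contain only simple tokens. Parentheses, quotes, colons and
# backslashes are absent, so url(...), expression(...) and escapes are rejected.
# One character class with no nesting or alternation cannot backtrack badly.
SAFE_VALUE = re.compile(r"[A-Za-z0-9#%.,\- ]+")


def filter_style(style, allowed=ALLOWED_PROPERTIES, fail_closed=False):
    """Filter a style attribute value one declaration at a time.

    Returns (clean_style, dropped). With fail_closed=True a single rejected
    declaration empties the whole attribute instead of only removing itself.
    """
    kept, dropped = [], []
    for declaration in style.split(";"):
        declaration = declaration.strip()
        if not declaration:
            continue
        prop, sep, value = declaration.partition(":")
        prop, value = prop.strip().lower(), value.strip()
        if sep and prop in allowed and SAFE_VALUE.fullmatch(value):
            # The output is rebuilt from validated parts only, never copied
            # through from the input, so a mis-split string cannot leak.
            kept.append(f"{prop}: {value};")
        else:
            dropped.append(declaration)
    if fail_closed and dropped:
        return "", dropped
    return " ".join(kept), dropped


if __name__ == "__main__":
    sample = "margin-top:-1000px;color:red"  # style value from the doctest
    print(filter_style(sample))                    # partial filtering
    print(filter_style(sample, fail_closed=True))  # whole attribute emptied
```
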
## -*- coding: utf-8 -*-
<%inherit file="base/root.html"/>
<%block name="title">
    ${_('Reset Your Password')}
</%block>
<%include file="/base/flash_msg.html"/>
<div class="container">
    <div class="row">
        <div class="centered-column">
            <div id="register" class="panel panel-primary">
                <div class="panel-heading">
                    %if c.site_name:
                        <h5>${_('Reset Your Password to %s') % c.site_name}</h5>
                    %else:
                        <h5>${_('Reset Your Password')}</h5>
                    %endif
                </div>
                <div class="panel-body">
                    ${h.form(h.url('reset_password_confirmation'), method='post')}
                    <p>${_('You are about to set a new password for the email address %s.') % c.email}</p>
                    <p>${_('Note that you must use the same browser session for this as the one used to request the password reset.')}</p>
                    ${h.hidden('email', value=c.email)}
                    ${h.hidden('timestamp', value=c.timestamp)}
                    <div class="form">
                        <div class="form-group">
                            <label class="control-label" for="token">${_('Code you received in the email')}:</label>
                            <div>
                                ${h.text('token', value=c.token, class_='form-control')}
                            </div>
                        </div>
                        <div class="form-group">
                            <label class="control-label" for="password">${_('New Password')}:</label>
                            <div>
                                ${h.password('password',class_='form-control')}
                            </div>
                        </div>
                        <div class="form-group">
                            <label class="control-label" for="password_confirm">${_('Confirm New Password')}:</label>
                            <div>
                                ${h.password('password_confirm',class_='form-control')}
                            </div>
                        </div>
                        <div class="form-group">
                            <div class="buttons">
                                ${h.submit('send',_('Confirm'),class_="btn btn-default")}
                            </div>
                        </div>
                    </div>
                    ${h.end_form()}
                </div>
            </div>
        </div>
    </div>
</div>