Files @ 4f03bd5ac2f2

Location: kallithea/dev_requirements.txt

mads
lib: handle both HTML, unsafe strings, and exceptions passed to helpers.flash()

Before, h.flash would trust any input to contain html ... and callers would
convert exceptions to string, often with a simple str() or unicode() ... which
really didn't deserve to be trusted.

Instead, only trust messages that have a __html__ and escape anything else ...
but also apply str/unicode on the parameter so the caller doesn't have to but
*can* pass an exception directly.
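
The rule described in the commit message above, as an added Python sketch that is not Kallithea's own code: `flash_text` and `TrustedHtml` are hypothetical names, and the standard library's `html.escape` is assumed as the escaping step.

```python
import html


class TrustedHtml(str):
    """Constructed stand-in for a markup type: a str that declares itself safe."""

    def __html__(self):
        return self


def flash_text(message):
    """Return HTML-safe text for a flash message (hypothetical helper).

    Objects exposing __html__ are trusted as markup. Anything else,
    including an exception instance passed directly, is converted to a
    string first and then escaped.
    """
    if hasattr(message, "__html__"):
        return str(message.__html__())
    return html.escape(str(message), quote=True)


def demo():
    # Constructed inputs: a plain string containing markup, an exception
    # whose text carries user-influenced markup, and explicitly trusted HTML.
    plain = "Repository <b>foo</b> created"
    exc = ValueError('bad name "<script>x</script>"')
    trusted = TrustedHtml('Created <a href="/foo">foo</a>')
    return [flash_text(plain), flash_text(exc), flash_text(trusted)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```
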
pytest >= 4.6.6, < 4.7
pytest-sugar >= 0.9.2, < 0.10
pytest-benchmark >= 3.2.2, < 3.3
pytest-localserver >= 0.5.0, < 0.6
mock >= 3.0.0, < 3.1
Sphinx >= 1.8.0, < 1.9
WebTest >= 2.0.3, < 2.1
isort == 4.3.21