Merge lp://staging/~deryck/launchpad/xss-deleting-ssh-key-740160 into lp://staging/launchpad
Proposed by
Deryck Hodge
| Status: | Merged |
|---|---|
| Approved by: | Deryck Hodge |
| Approved revision: | no longer in the source branch. |
| Merged at revision: | 12955 |
| Proposed branch: | lp://staging/~deryck/launchpad/xss-deleting-ssh-key-740160 |
| Merge into: | lp://staging/launchpad |
| Diff against target: |
59 lines (+26/-5) 2 files modified
lib/lp/registry/browser/person.py (+1/-1) lib/lp/registry/browser/tests/test_sshkey.py (+25/-4) |
| To merge this branch: | bzr merge lp://staging/~deryck/launchpad/xss-deleting-ssh-key-740160 |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Brad Crittenden (community) | code | Approve | |
|
Review via email:
|
|||
Commit message
[r=bac][bug=740160] Properly use structured to escape message text when removing ssh keys to avoid XSS vector.
Description of the change
This fixes the use of structured in the ssh keys view, so we don't end up with an XSS vector when removing ssh keys. See the linked bug for more info. I also added a test to ensure this message text is escaped.
To post a comment you must log in.
Revision history for this message
| Brad Crittenden (bac) | # |
review:
Approve
(code)
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
