
Commit [r2700]

* Don't render HTML/SVG/etc attachments in the browser unless the `render_unsafe_content` option in `[attachment]` is enabled.

* Parse and rewrite the contents of inline HTML (`#!html` blocks), removing anything that could be abused to insert malicious code. Fixes #2473.

cmlenz 2005-12-29
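Added example (not Trac's code, and not the code in this commit) showing the two defences the message describes: an attachment whose MIME type a browser would execute script from is served as a download unless the `render_unsafe_content` option is on, and an inline HTML fragment is parsed and re-serialised with only whitelisted tags, no event-handler or `style` attributes, and no `javascript:`-style URLs. The option name comes from the commit message; the function names, the tag and MIME-type lists and the constructed inputs are this example's own assumptions.

```python
"""Added example (not Trac's code): the two defences described in r2700.

* serve_disposition(): browser-executable attachment types (HTML, SVG, XML)
  are forced to download unless render_unsafe_content is on.
* sanitize_html(): a #!html fragment is parsed and re-serialised with only
  whitelisted tags, no event handlers, no style, no script-capable URLs.
Tag/MIME lists and function names are this example's own assumptions.
"""
from html import escape
from html.parser import HTMLParser

# MIME types a browser would execute script from when rendered inline
# (illustrative list, not Trac's).
UNSAFE_MIME_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                     "text/xml", "application/xml"}


def serve_disposition(mime_type, filename, render_unsafe_content=False):
    """Content-Disposition value for serving an attachment."""
    base = mime_type.split(";", 1)[0].strip().lower()
    mode = "inline"
    if base in UNSAFE_MIME_TYPES and not render_unsafe_content:
        mode = "attachment"  # download, so the content never runs in our origin
    return '%s; filename="%s"' % (mode, filename.replace('"', ""))


ALLOWED_TAGS = {"a", "b", "blockquote", "br", "code", "div", "em", "h1", "h2",
                "h3", "hr", "i", "img", "li", "ol", "p", "pre", "span",
                "strong", "table", "td", "th", "tr", "ul"}
VOID_TAGS = {"br", "hr", "img"}
URI_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", "ftp"}


def _safe_uri(value):
    # Browsers tolerate control chars/whitespace inside a scheme
    # ("java\nscript:"), so strip them before looking at it.
    flat = "".join(c for c in value if ord(c) > 0x20).lower()
    head = flat.split(":", 1)[0]
    if ":" not in flat or any(ch in head for ch in "/?#"):
        return True  # relative URL, no scheme
    return head in SAFE_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_depth = 0  # >0 while inside <script>/<style>: drop text too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # unknown element: keep its text, drop the tag
        kept = []
        for name, value in attrs:
            if name.startswith("on") or name == "style":
                continue  # event handlers and CSS can both run script
            if name in URI_ATTRS and not _safe_uri(value or ""):
                continue
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.drop_depth = max(0, self.drop_depth - 1)
        elif not self.drop_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))
    # comments, <!DOCTYPE>, processing instructions: default handlers drop them


def sanitize_html(fragment):
    """Rewrite an inline HTML fragment, keeping only whitelisted markup."""
    p = _Sanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out)


if __name__ == "__main__":
    # Constructed inputs for demonstration.
    print(serve_disposition("text/html; charset=utf-8", "page.html"))
    print(sanitize_html('<p onclick="evil()">hi <script>alert(1)</script>'
                        '<a href="java&#10;script:alert(1)">x</a></p>'))
```

The sanitizer re-serialises from the parse tree rather than filtering with regular expressions, so entity-encoded or whitespace-split schemes (`java&#10;script:`) are decoded before the scheme check, and text inside dropped `<script>` elements is removed along with the tag instead of leaking into the page as data.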

changed /trunk/trac/attachment.py
changed /trunk/trac/db_default.py
changed /trunk/trac/tests/util.py
changed /trunk/trac/util.py
changed /trunk/trac/web/api.py
changed /trunk/trac/web/standalone.py
changed /trunk/trac/wiki/formatter.py
changed /trunk/trac/wiki/tests/wiki-tests.txt