tigefa4u projects / Trac Commit Log

Commit	Date
[r2707] by cmlenz Fix double escaping issue for ticket details in timeline. Should close #2543.	2006-01-01 14:45:02	Tree
[r2706] by cmlenz Fix wrong navigation link for ''About'' module.	2006-01-01 14:31:22	Tree
[r2705] by cmlenz WebAdmin: updates following [2685].	2006-01-01 14:30:30	Tree
[r2704] by cmlenz Document the version in which new classes/functions were introduced.	2005-12-30 17:29:46	Tree
[r2703] by cmlenz Follow-up to [2700]: if the `render_unsafe_content` option is set to false, don't allow the direct rendering of any text content. This is to workaround the unfortunate fact that some browsers (IE and Safari) will sniff the actual content of a file to detect whether it contains HTML, and render the text as HTML if it does.	2005-12-30 17:26:26	Tree
[r2702] by cmlenz Allow the passing of parameters to the `util.Markup` constructor, which are automatically escaped and interpolated.	2005-12-30 17:12:00	Tree
[r2701] by cmlenz Project name and footer may contain markup.	2005-12-29 20:36:25	Tree
[r2700] by cmlenz * Don't render HTML/SVG/etc attachments in the browser unless the `render_unsafe_content` option in `[attachment]` is enabled. * Parse and rewrite the contents of inline HTML (`#!html` blocks), removing anything that could be abused to insert malicious code. Fixes #2473.	2005-12-29 19:51:48	Tree
[r2699] by cmlenz Ported [2698] to 0.9-stable.	2005-12-29 19:07:28	Tree
[r2698] by cmlenz Fix `Content-Disposition` header for alternative formats in changeset view.	2005-12-29 19:00:10	Tree

[r2707] by cmlenz

Fix double escaping issue for ticket details in timeline. Should close #2543.

2006-01-01 14:45:02

Tree

[r2706] by cmlenz

Fix wrong navigation link for ''About'' module.

2006-01-01 14:31:22

Tree

[r2705] by cmlenz

WebAdmin: updates following [2685].

2006-01-01 14:30:30

Tree

[r2704] by cmlenz

Document the version in which new classes/functions were introduced.

2005-12-30 17:29:46

Tree

[r2703] by cmlenz

Follow-up to [2700]: if the `render_unsafe_content` option is set to false, don't allow the direct rendering of any text content. This is to workaround the unfortunate fact that some browsers (IE and Safari) will sniff the actual content of a file to detect whether it contains HTML, and render the text as HTML if it does.

2005-12-30 17:26:26

Tree

[r2702] by cmlenz

Allow the passing of parameters to the `util.Markup` constructor, which are automatically escaped and interpolated.

2005-12-30 17:12:00

Tree

[r2701] by cmlenz

Project name and footer may contain markup.

2005-12-29 20:36:25

Tree

[r2700] by cmlenz

* Don't render HTML/SVG/etc attachments in the browser unless the `render_unsafe_content` option in `[attachment]` is enabled.
* Parse and rewrite the contents of inline HTML (`#!html` blocks), removing anything that could be abused to insert malicious code. Fixes #2473.

2005-12-29 19:51:48

Tree

[r2699] by cmlenz

Ported [2698] to 0.9-stable.

2005-12-29 19:07:28

Tree

[r2698] by cmlenz

Fix `Content-Disposition` header for alternative formats in changeset view.

2005-12-29 19:00:10

Tree

tigefa4u projects Trac

tigefa4u projects

Trac Commit Log