0ct0pu5/wesnoth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wesnoth/data/tools/addon_manager
History
Exact
Ignacio R. Morelle 0e707d641e wam: Fix HTML injection attack on the add-ons.wesnoth.org web interface 
This escapes all strings provided by add-ons server data to guarantee
they can't be used to get extraneous and potentially harmful HTML into
the generated web index.

However, and because I don't have time to look into the dense regex
contained in the relevant code right now, it also removes the hidden
feature of linkifying any URLs found in add-on descriptions. It's a
small price to pay for our safety, really.
2017-07-24 03:05:34 -04:00
..
__init__.py Fix some executable properties. 2008-09-30 15:07:09 +01:00
asc.gif addon_manager: 2008-10-12 13:05:11 +00:00
bg.gif addon_manager: 2008-10-12 13:05:11 +00:00
COPYING.txt Clarified the license of jquery.js and tablesorter.js... 2009-01-02 16:11:10 +00:00
desc.gif addon_manager: 2008-10-12 13:05:11 +00:00
html.py wam: Fix HTML injection attack on the add-ons.wesnoth.org web interface 2017-07-24 03:05:34 -04:00
jquery.js addon_manager: 2008-10-12 13:05:11 +00:00
style.css style.css: no margin-bottom for <pre> 2014-05-16 01:45:07 -04:00
tablesorter.js addon_manager: 2008-10-12 13:05:11 +00:00