Fixing html_safe for noosfero

Alexandre Almeida Barbosa alexandrealmeidabarbosa at gmail.com
Mon Apr 18 08:38:01 BRT 2016


Hi everyone,

We are finalizing the treatment of Noosfero's safe strings (with
html_safe), because at the moment Noosfero treats all strings as safe,
which allows users to inject malicious code. All the broken tests have been
fixed, but as the test suite does not cover all strings, some pages will
have a broken layout (HTML tags or special characters displayed). We need
the community's support to fix the occurrences of this problem not covered by
the tests.

Branch:

   - Participa: https://gitlab.com/participa/noosfero/commits/new_security
   - Noosferogov:
   https://softwarepublico.gov.br/gitlab/noosferogov/noosfero/commits/new_security


Regards,
Alexandre Barbosa
-- 
Regards,
Alexandre Almeida Barbosa
Software Engineer
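
The situation described in the message, as an added example that is not part of the original post or of Noosfero's code: a simplified pure-Ruby model of Rails' html_safe marking, not ActiveSupport itself. SafeString, mark_safe, render and the profile_link_* helpers are hypothetical names. It shows injected markup passing through when every string is treated as safe, the escaped-tags layout symptom once escaping is the default, and a helper corrected to escape user data and mark only its own markup as safe.

```ruby
require "erb"

# Simplified model of Rails' html_safe marking; not ActiveSupport itself.
# SafeString, mark_safe, render and the profile_link_* helpers are
# hypothetical names used only for this illustration.
class SafeString < String; end

def mark_safe(str)
  SafeString.new(str)
end

# What a template does with a value it outputs. With escape_by_default
# false, every string is emitted raw (the "all strings are safe" state).
def render(value, escape_by_default: true)
  return value.to_s if !escape_by_default || value.is_a?(SafeString)
  ERB::Util.html_escape(value.to_s)
end

# Helper written while everything was trusted: user data is interpolated
# raw and the result is a plain String.
def profile_link_legacy(name)
  "<a href=\"/profile\">#{name}</a>"
end

# Corrected helper: escape the user-controlled part, then mark only the
# finished markup as safe.
def profile_link_fixed(name)
  mark_safe("<a href=\"/profile\">#{ERB::Util.html_escape(name)}</a>")
end

PAYLOAD = "<script>alert(1)</script>" # constructed sample input

if __FILE__ == $PROGRAM_NAME
  puts "before:        " + render(profile_link_legacy(PAYLOAD), escape_by_default: false)
  puts "after, legacy: " + render(profile_link_legacy("Maria"))
  puts "after, fixed:  " + render(profile_link_fixed(PAYLOAD))
end
```

The second line of output is the broken-layout case from the message: a legacy helper whose markup is now escaped and shown as literal tags until the helper is corrected.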