- User Since
- Mar 22 2019, 7:03 AM (8 w, 2 d)
Wed, May 8
Tue, May 7
- fix failing tests and make minor changes
- Fix XSS in web API interface
@anlambert I think I have added escape wherever it was vulnerable.
- Add escape for request.META
- Add escaping for BadInputExc
- Add character escaping at more places
- Merge branch 'master' of https://forge.softwareheritage.org/source/swh-web into xss
@anlambert We need to remember to use 'escape' on unsafe things whenever marking some HTML as safe.
- move mark_safe to _generate_error_page
- use mark_safe with escape
Mon, May 6
Ok. Will need to rework this, to keep the links working.
1- if we filter out directly while saving, it may cause some valid links to be rejected.
2- if I use filterXSS, other html tags will still work.
Sat, May 4
Fri, May 3
Sat, Apr 27
Apr 13 2019
I can confirm all 4 codes below work with your commit, and XSS is also not working.
Apr 11 2019
Apr 10 2019
Apr 5 2019
Apr 4 2019
Add redirections for upper/mixed case checksum
- Add docstring
rebase with master
- Add uppercase redirections for APIs and tests
Apr 3 2019
Apr 2 2019
@anlambert I have locally made changes for other endpoints also and added tests for the same. Should I create a new Diff?
Mar 30 2019
Mar 29 2019
rebase to master
- add SearchDelay to admin DataTables
@anlambert Oh the admin ones. Will update.
Anyways, how do I test as admin when I run it locally?
@anlambert history.immutable is already set to true.
Mar 28 2019
Mar 27 2019
Abandoned in favor of rDWAPPS1553ea764f1bae36649a6996770e37e0c271bb76
Mar 26 2019
- add case for bigger array lengths
My laptop crashed when I entered a big query on /browse/search/, because it filled my whole RAM.
Array size of 10 filled my 4 GBs of RAM when heapsPermute was called
Add support for uppercase sha1 in url arguments
Created new diff by mistake.
- fix failing tests
Mar 25 2019
- remove lower calls from endpoints
- fix uppercase sha1 and tests
Continued in D1290
- improve readability
@anlambert Oh, I didn't read your comment. Anyways, I just wrote some tests.
- fix uppercase SHA1 for api
- add tests for uppercase sha1
@anlambert I'll update for api endpoints also.
- fix failing tests
- fix upper case SHA1 in multiple files
I pushed changes through arc: D1290
Probably the problem was line 34, which had more than 79 characters. This was preventing me from staging changes.
Mar 22 2019
@ardumont Changed the title.