89593686ef
It is possible to inject HTML/JavaScript code into the shares table
on the member page by setting metadata on shares, and into the share
types table on the admin page by setting extra specs. So, escape
HTML-specific symbols in the output string of the 'metadata_to_str'
function to make it interpreted as a string and not as code.
Depends-On: If83e66d4b2f0f1db181e7c23ac256c498566c2da
Change-Id: Ied567e06d91941e9aaac7d3117e03cd1770fb75e
Security-Fix
Closes-Bug: #1597738
(clean cherry pick of commit
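
The escaping described in the commit message above, as an added example that is not the project's code: only the name `metadata_to_str` comes from the page. The function bodies, the two limits, the `<br/>` separator and the sample metadata are assumptions made for illustration.

```python
import html

# Hypothetical limits; the project's real values are not shown on the page.
VISIBLE_LIMIT = 4
TEXT_LIMIT = 25


def _shorten(text, limit=TEXT_LIMIT):
    """Truncate raw text for display in a table cell."""
    text = str(text)
    return text if len(text) <= limit else text[:limit] + "..."


def metadata_to_str_unsafe(metadata):
    """'Before' form: user-controlled keys and values reach the markup as-is."""
    items = sorted(metadata.items())[:VISIBLE_LIMIT]
    return "<br/>".join("%s = %s" % (_shorten(k), _shorten(v)) for k, v in items)


def metadata_to_str(metadata):
    """'After' form: escape every key and value, then add trusted markup.

    Truncation happens on the raw text and escaping afterwards, so an
    entity such as &lt; is never cut in half, and the <br/> separators
    are the only markup in the result.
    """
    items = sorted(metadata.items())[:VISIBLE_LIMIT]
    rows = [
        "%s = %s" % (html.escape(_shorten(k)), html.escape(_shorten(v)))
        for k, v in items
    ]
    return "<br/>".join(rows)


# Constructed sample input: metadata a user could set on a share.
SAMPLE = {"owner": "<img src=x onerror=alert(1)>", "<b>tier</b>": "gold & fast"}

if __name__ == "__main__":
    print(metadata_to_str_unsafe(SAMPLE))
    print(metadata_to_str(SAMPLE))
```

The same rule applies wherever a string built from user input is later marked as safe for a template: escape each untrusted piece first, then join with the trusted markup.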

- templates/shares
- \_\_init\_\_.py
- forms.py
- panel.py
- tables.py
- tabs.py
- tests.py
- urls.py
- utils.py
- views.py
- workflows.py