From 53f3787959abcb26d3ef4183701df9d563bd0245 Mon Sep 17 00:00:00 2001
From: Nicolas Sylvain <nsylvain@google.com>
Date: Wed, 12 Aug 2009 14:04:23 -0400
Subject: [PATCH] fix XSS vulnerability reported by Nicolas Sylvain
 <nsylvain@google.com>

---
 buildbot/status/web/waterfall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildbot/status/web/waterfall.py b/buildbot/status/web/waterfall.py
index 3b061d2f878..4d34deb08a4 100644
--- a/buildbot/status/web/waterfall.py
+++ b/buildbot/status/web/waterfall.py
@@ -584,7 +584,7 @@ def with_args(req, remove_args=[], new_args=[], new_path=None):
                     newargs[k].append(v)
                 else:
                     newargs[k] = [v]
-            newquery = "&".join(["%s=%s" % (k, v)
+            newquery = "&".join(["%s=%s" % (k, urllib.quote(v))
                                  for k in newargs
                                  for v in newargs[k]
                                  ])