This sanitizes some instances where tool parameters were included
directly into the DOM.
workflow/run.mako displayed the parameter as a value in a hidden input.
This was base64 encoded as there was no better solution apparent at the
time. I'm not sure where this parameter is POSTed to but we should
figure that out and b64decode it, or remove the hidden parameter.
client/... added the parameter value into the DOM. This was easily
sanitized using a standard method.
workflow/display.mako included the parameter value directly into the
HTML. This was cgi.escaped
Conflicts:
static/scripts/bundled/libs.bundled.js.map
So...that's neat. On d7353d3. Not tested on dev yet, sorry.
So that happens because of this HTML snippet:
It's the filter tool and the filter I used was `100 * c4 / c23 > 50`. The escaping job on `value` is somewhat suboptimal.
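An added example, not code from the commit or the project: the attribute-escaping and base64 handlings named in the commit message, applied to the filter expression from the report above. It uses `html.escape`, since `cgi.escape` is no longer in the Python standard library; all function names here are hypothetical.

```python
import base64
import html
from html.parser import HTMLParser

# Constructed sample: the filter expression quoted in the report above.
FILTER_EXPR = "100 * c4 / c23 > 50"


def hidden_input(name, value):
    """Render a hidden input, escaping the value exactly once for a quoted attribute."""
    # quote=True also escapes " and ', which cgi.escape left alone by default.
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


def hidden_input_b64(name, value):
    """The base64 variant: inert in the DOM, but the receiver must decode it."""
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return hidden_input(name, encoded)


class _ValueReader(HTMLParser):
    """Collect input value attributes after entity decoding, as a browser would."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.values.append(dict(attrs).get("value"))


def parsed_value(markup):
    """Return the value attribute of the first input element in the markup."""
    reader = _ValueReader()
    reader.feed(markup)
    reader.close()
    return reader.values[0]


def receive_b64(posted):
    """Hypothetical receiving side: undo the base64 before using the value."""
    return base64.b64decode(posted).decode("utf-8")
```

Escaping a value that was already escaped upstream leaves a literal `&gt;` in the parsed attribute, which is one way a correct-looking sanitizer still hands the tool the wrong expression.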