issue2550711 Fix XSS vulnerability when username contains HTML code.

Thanks to Thomas Arendsen Hein for reporting and patch.
roundup-tracker · Jan 5, 2012 · 38193cc · 38193cc
1 parent 7064ec9
commit 38193cc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -55,6 +55,8 @@ Fixed:
   backported version of my proposed changes to
   email.header.decode_header in http://bugs.python.org/issue1079
   (Ralf)
+- issue2550711 Fix XSS vulnerability when username contains HTML code,
+  thanks to Thomas Arendsen Hein for reporting and patch.
 
 
 2011-07-15: 1.4.19

diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
@@ -1141,7 +1141,7 @@ def history(self, direction='descending', dre=re.compile('^\d+$'),
             if dre.match(user):
                 user = self._db.user.get(user, 'username')
             l.append('<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>'%(
-                date_s, user, self._(action), arg_s))
+                date_s, cgi.escape(user), self._(action), arg_s))
         if comments:
             l.append(self._(
                 '<tr><td colspan=4><strong>Note:</strong></td></tr>'))