Mercurial Mercurial > pub > hg > cubicweb / changelog
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | zip | gz | bz2 | help
(0) -3000 -1000 -300 -100 -30 -10 -2 +2 +10 +30 +100 +300 +1000 +3000 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Wed, 05 Feb 2014 15:50:36 +0100 [uilib] allow canvas tags in the html cleaner stable
changeset
Julien Cristau <julien.cristau@logilab.fr> [Wed, 05 Feb 2014 15:50:36 +0100] rev 9524
[uilib] allow canvas tags in the html cleaner Used by the iprogress cube. Closes #3524254.
Wed, 05 Feb 2014 16:34:21 +0100 [ajax] use a custom tag to handle dynamically loaded js stable
changeset
Julien Cristau <julien.cristau@logilab.fr> [Wed, 05 Feb 2014 16:34:21 +0100] rev 9523
[ajax] use a custom tag to handle dynamically loaded js Using <pre class="script"> makes it trivial for a malicious user to inject arbitrary javascript into a html or rest text element (because it looks innocent to the html sanitizer). Using a custom tag we can be sure that it actually comes from our code and not from untrusted user data. IE ignores custom tags, though, so we put it in its own namespace. https://extranet.logilab.fr/1530578
(0) -3000 -1000 -300 -100 -30 -10 -2 +2 +10 +30 +100 +300 +1000 +3000 tip
cubicweb