Mercurial Mercurial > pub > hg > cubicweb / changelog
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | zip | gz | bz2 | help
(0) -3000 -1000 -300 -100 -30 -10 -4 +4 +10 +30 +100 +300 +1000 +3000 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Wed, 05 Feb 2014 16:34:21 +0100 [ajax] use a custom tag to handle dynamically loaded js stable
changeset
Julien Cristau <julien.cristau@logilab.fr> [Wed, 05 Feb 2014 16:34:21 +0100] rev 9523
[ajax] use a custom tag to handle dynamically loaded js Using <pre class="script"> makes it trivial for a malicious user to inject arbitrary javascript into a html or rest text element (because it looks innocent to the html sanitizer). Using a custom tag we can be sure that it actually comes from our code and not from untrusted user data. IE ignores custom tags, though, so we put it in its own namespace. https://extranet.logilab.fr/1530578
Mon, 03 Feb 2014 19:07:58 +0100 [dataimport] fix comment stable
changeset
Aurelien Campeas <aurelien.campeas@logilab.fr> [Mon, 03 Feb 2014 19:07:58 +0100] rev 9522
[dataimport] fix comment
Wed, 12 Feb 2014 18:15:32 +0100 [hooks/security, devtools/fill] silence yams 0.38.0 warnings stable
changeset
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 12 Feb 2014 18:15:32 +0100] rev 9521
[hooks/security, devtools/fill] silence yams 0.38.0 warnings
Mon, 03 Feb 2014 16:30:07 +0100 Drop 3.13 incomplete backward compat in edit controller.
changeset
Florent Cayré <florent.cayre@logilab.fr> [Mon, 03 Feb 2014 16:30:07 +0100] rev 9520
Drop 3.13 incomplete backward compat in edit controller. It is very old and broken (there is another non-backward-copmpatible usage of `_cw_entity_fields`), better to remove it instead of fixing. Closes #3515223.
(0) -3000 -1000 -300 -100 -30 -10 -4 +4 +10 +30 +100 +300 +1000 +3000 tip
cubicweb