Mercurial > hg

changeset 19883:904061628dc4 stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: add escaping of tags and bookmarks in graph view
author Matt Mackall <mpm@selenic.com>
date Wed, 09 Oct 2013 12:02:32 -0700
parents 55c763926a28
children e828975722c8 f91e932b2cfe
files mercurial/hgweb/webcommands.py
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/hgweb/webcommands.py	Wed Oct 09 11:50:19 2013 -0700
+++ b/mercurial/hgweb/webcommands.py	Wed Oct 09 12:02:32 2013 -0700
@@ -922,7 +922,8 @@
 
             if usetuples:
                 data.append((node, vtx, edges, desc, user, age, branch,
-                             ctx.tags(), ctx.bookmarks()))
+                             [cgi.escape(x) for x in ctx.tags()],
+                             [cgi.escape(x) for x in ctx.bookmarks()]))
             else:
                 edgedata = [dict(col=edge[0], nextcol=edge[1],
                                  color=(edge[2] - 1) % 6 + 1,