[tahoe-lafs-trac-stream] [tahoe-lafs] #1143: Double Encoding in HTML in File Names in WUI
tahoe-lafs
trac at tahoe-lafs.org
Tue Aug 23 19:58:12 PDT 2011
#1143: Double Encoding in HTML in File Names in WUI
-----------------------------------+---------------------------
Reporter: chrisp | Owner: davidsarah
Type: defect | Status: assigned
Priority: major | Milestone: 1.10.0
Component: code-frontend-web | Version: 1.7.1
Resolution: | Keywords: easy wui html
Launchpad Bug: |
-----------------------------------+---------------------------
Changes (by davidsarah):
* keywords: => easy wui html
* owner: nobody => davidsarah
* status: new => assigned
* component: unknown => code-frontend-web
* milestone: undecided => 1.10.0
Comment:
I've just spotted the likely cause of this bug: at several places in
[source:src/allmydata/web/directory.py at 5185#L668
DirectoryAsHTML.render_row], we use
{{{T.a(href=...)[html.escape(name)])}}}. This is wrong because nevow
already escapes the argument to {{{T.a}}} (if it is a string).
I think it only affects the WUI.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1143#comment:2>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list