Skip to content

Mark diff colors safe and escape raw diff input #1993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 10, 2024
Merged

Mark diff colors safe and escape raw diff input #1993

merged 1 commit into from
Nov 10, 2024

Conversation

@haxtibal
Copy link
Contributor

For HTML escaping of the diff view we have to consider two things.

  1. Diff input comes from two git checkouts of the project at specific revisions. The revisions sdocs are considered untrusted user input, could contain special characters and must be escaped.
  2. After analyzing with difflib we add a bit HTML to colorize the output. This specific HTML fragments are trusted and safe.

Relates to #1920.

stanislaw
stanislaw reviewed Nov 10, 2024
View reviewed changes
@haxtibal
Mark diff colors safe and escape raw diff input
a7d6ee4 
For HTML escaping of the diff view we have to consider two things.

1. Diff input comes from two git checkouts of the project at specific
   revisions. The revisions sdocs are considered untrusted user input,
   could contain special characters and must be escaped.
2. After analyzing with difflib we add a bit HTML to colorize the
   output. This specific HTML fragments are trusted and safe.

Relates to strictdoc-project#1920.
@haxtibal haxtibal force-pushed the tdmg/fix_diff_html_escaping branch from 80462b6 to a7d6ee4 Compare November 10, 2024 19:36
@stanislaw stanislaw changed the title WIP: Mark diff colors safe and escape raw diff input Mark diff colors safe and escape raw diff input Nov 10, 2024
@stanislaw stanislaw merged commit db0e4ff into strictdoc-project:main Nov 10, 2024
22 checks passed
@stanislaw stanislaw mentioned this pull request Nov 10, 2024
Closed
8 tasks
@stanislaw stanislaw added this to the 2024-Q4 milestone Nov 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stanislaw stanislaw stanislaw left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2024-Q4

Development

Successfully merging this pull request may close these issues.

2 participants

@haxtibal @stanislaw