
    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 0.23.0
    • Fix Version/s: None
    • Component/s: security
    • Labels:
    • Target Version/s:
    • Tags:
      mrv2, webapp, security

      Description

      Just noticed that the current log serving is using the raw writer (instead of Hamlet) to serve logs without escaping HTML.

      It's actually easier/cleaner to use Hamlet to serve logs:

      pre._(buffer);
      

      which takes care of content escaping automatically.

      I will make raw writer access package private for framework use only.
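
      Added example, not part of the original issue and not Hadoop's code: a stand-alone Java sketch of the difference described above, with log text written to the response as-is versus escaped before it is placed inside the pre element. The class name, method names and the sample log line are constructed for illustration; it uses only the JDK and does not call Hamlet.

```java
import java.io.PrintWriter;
import java.io.StringWriter;

// Added illustration; class and method names are hypothetical, not Hadoop's API.
public class LogPageDemo {

    // Escape the characters that are significant in HTML text and attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // "Before": log content copied to the response writer unchanged.
    static void serveRaw(PrintWriter w, String logChunk) {
        w.print("<pre>");
        w.print(logChunk);
        w.print("</pre>");
    }

    // "After": every chunk is escaped before it reaches the writer.
    static void serveEscaped(PrintWriter w, String logChunk) {
        w.print("<pre>");
        w.print(escapeHtml(logChunk));
        w.print("</pre>");
    }

    public static void main(String[] args) {
        // Constructed sample: a log line containing markup that a job could have written.
        String log = "INFO job name=<b>demo</b> & status=\"done\"";
        StringWriter raw = new StringWriter(), safe = new StringWriter();
        PrintWriter rw = new PrintWriter(raw), sw = new PrintWriter(safe);
        serveRaw(rw, log); rw.flush();
        serveEscaped(sw, log); sw.flush();
        System.out.println("raw:     " + raw);   // the <b> tag reaches the browser as markup
        System.out.println("escaped: " + safe);  // the same text is rendered literally
        // Regression check: nothing from the log may open a tag inside <pre>...</pre>.
        String page = safe.toString();
        String body = page.substring("<pre>".length(), page.length() - "</pre>".length());
        if (body.indexOf('<') >= 0) throw new AssertionError("unescaped markup in log output");
    }
}
```

      The final check in main is the kind of assertion a webapp test can run against the log page: feed it a log containing markup and fail if any of it survives unescaped.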

            People

            • Assignee:
              ojoshi Omkar Vinit Joshi
              Reporter:
              vicaya Luke Lu
