Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 0.23.0
    • Fix Version/s: None
    • Component/s: security
    • Tags: mrv2, webapp, security

      Description

      Just noticed that the current log serving is using the raw writer (instead of Hamlet) to serve logs without escaping HTML.

      It's actually easier/cleaner to use Hamlet to serve logs:

      pre._(buffer);
      

      which takes care of content escaping automatically.

      I will make raw writer access package private for framework use only.
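
      The difference the description points at, as an added example that is not part of the issue or of Hadoop's code: log content written straight to the response writer versus the same content escaped before it goes inside the `pre` element. `escapeHtml`, `serveRaw`, `serveEscaped`, `render` and the log chunk are hypothetical names and constructed data; `escapeHtml` is a stand-in for the escaping the issue says Hamlet applies, not Hamlet's implementation.

```java
import java.io.PrintWriter;
import java.io.StringWriter;

public class LogPageEscaping {

    // Hypothetical stand-in for the text escaping an HTML builder applies.
    static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: log text goes to the raw writer unchanged, so any markup
    // a task wrote to its log becomes part of the served page.
    static void serveRaw(PrintWriter w, String buffer) {
        w.print("<pre>" + buffer + "</pre>");
    }

    // After: log text is escaped, so the browser shows it as plain text.
    static void serveEscaped(PrintWriter w, String buffer) {
        w.print("<pre>" + escapeHtml(buffer) + "</pre>");
    }

    static String render(boolean escaped, String buffer) {
        StringWriter sw = new StringWriter();
        PrintWriter w = new PrintWriter(sw);
        if (escaped) serveEscaped(w, buffer); else serveRaw(w, buffer);
        w.flush();
        return sw.toString();
    }

    public static void main(String[] args) {
        // Constructed log chunk: the second line carries markup from task output.
        String logChunk = "INFO task started\n"
            + "WARN bad record: <script>alert(1)</script> & \"more\"\n";
        System.out.println("raw:     " + render(false, logChunk));
        System.out.println("escaped: " + render(true, logChunk));
    }
}
```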

              People

              • Assignee:
                ojoshi Omkar Vinit Joshi
                Reporter:
                vicaya Luke Lu