issue2550711 Fix XSS vulnerability when username contains HTML code.

schlatterbeck · schlatterbeck · commit 38193cc7d935 · 2012-01-05T15:56:15.000+01:00
Thanks to Thomas Arendsen Hein for reporting and patch.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -55,6 +55,8 @@ Fixed:
   backported version of my proposed changes to
   email.header.decode_header in http://bugs.python.org/issue1079
   (Ralf)
+- issue2550711 Fix XSS vulnerability when username contains HTML code,
+  thanks to Thomas Arendsen Hein for reporting and patch.
 
 
 2011-07-15: 1.4.19
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
@@ -1141,7 +1141,7 @@ def history(self, direction='descending', dre=re.compile('^\d+$'),
             if dre.match(user):
                 user = self._db.user.get(user, 'username')
             l.append('<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>'%(
-                date_s, user, self._(action), arg_s))
+                date_s, cgi.escape(user), self._(action), arg_s))
         if comments:
             l.append(self._(
                 '<tr><td colspan=4><strong>Note:</strong></td></tr>'))
