Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixos-homepage
base: f74049df65db
Choose a base ref
...
head repository: NixOS/nixos-homepage
compare: fa614b17bace
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Jul 2, 2018

  1. Removes useless escapes from ppNix in options page. 

    This is safe since all calls to `ppNix` are made using `.text()`.

 * https://github.com/NixOS/nixos-homepage/blob/f74049df65db247ce156022155a966c272ffb96c/nixos/options.tt#L324-L328

And *anyway* the previous escapes were done only one time, making it
trivial to bypass

```
> "<<<<<".replace("<", "&gt;")
→ "&gt;<<<<"
```

This has further been manually verified (with an hand-modified options.json) to
not cause opportunities for HTML injection.
    @samueldr
    samueldr committed Jul 2, 2018
    Configuration menu
    Copy the full SHA
    67c615f View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2018

  1. Merge pull request #229 from samueldr/fix/useless-escaping 

    Removes useless escapes from `ppNix` in options page.
    @edolstra
    edolstra committed Jul 23, 2018
    Configuration menu
    Copy the full SHA
    fa614b1 View commit details
    Browse the repository at this point in the history