Revision 4a9965fc

Added by bmbouter over 3 years ago

Sanitize Invalid Changelogs Too

The diff below causes the selection of input to be sanitized to be greedy instead of non-greedy. This causes it to sanitize more data in the cases of invalid entries such as Changelogs with too many sections in one rpm.

This fix is very safe for several reasons:

  1. Escaping all data for the template layer should be safe. This is essentially user-provided data given that we got it from the internet, so it probably all should be escaped. Since this fixes this issue I'm not going to rewrite the sanitizer now to keep it low-risk.

  2. The extra-greediness added is still limited by the end tag matched

closes #3535
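The difference between the two selections, as an added example that is not the project's code or the diff from this revision. It assumes a sanitizer that escapes one matched span; the patterns, the `changelog` element layout, the `{{ pkgid }}` placeholder and the brace escaper are hypothetical stand-ins.

```python
import re

# Constructed sample: one package carrying several changelog sections whose
# text contains template-syntax characters, followed by a placeholder that
# belongs to the template itself and must survive sanitization.
SAMPLE = (
    '<package name="demo">'
    '<changelog author="a" date="1">- first {{ entry }}</changelog>'
    '<changelog author="b" date="2">- second {% entry %}</changelog>'
    '<changelog author="c" date="3">- third {{ entry }}</changelog>'
    '<version ver="1.0"/>{{ pkgid }}'
    '</package>'
)

# Hypothetical patterns: the only difference is ".*?" versus ".*".
NON_GREEDY = re.compile(r'<changelog.*?</changelog>', re.DOTALL)
GREEDY = re.compile(r'<changelog.*</changelog>', re.DOTALL)


def escape_template_chars(text):
    """Stand-in escaper: replace braces with XML character references."""
    return text.replace('{', '&#123;').replace('}', '&#125;')


def sanitize(xml, pattern):
    """Escape the single span selected by `pattern`; leave the rest untouched."""
    match = pattern.search(xml)
    if match is None:
        return xml
    escaped = escape_template_chars(match.group(0))
    return xml[:match.start()] + escaped + xml[match.end():]


def unescaped_changelogs(xml):
    """Count changelog sections that still contain a raw brace."""
    bodies = re.findall(r'<changelog[^>]*>(.*?)</changelog>', xml, re.DOTALL)
    return sum(1 for body in bodies if '{' in body or '}' in body)


if __name__ == '__main__':
    for name, pattern in (('non-greedy', NON_GREEDY), ('greedy', GREEDY)):
        result = sanitize(SAMPLE, pattern)
        print(name, 'leaves', unescaped_changelogs(result), 'sections unescaped')
```

The non-greedy span ends at the first closing tag, so the later sections pass through unescaped; the greedy span runs to the last closing tag and stops there, which is why the placeholder after it is left alone.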