Added by bmbouter over 3 years ago
Sanitize Invalid Changelogs Too
The diff below causes the selection of input to be sanitized to be greedy instead of non-greedy. This causes it work sanitize more data in the cases of invalid entries such as Changelogs with too many sections in one rpm.
This fix is very safe for several reasons:
Escaping all data for the template layer should be safe. This is essentially user-provided data given that we got it from the internet, so it probably all should be escaped. Since this fixes this issue I'm not going to rewrite the sanitizer now to keep it low-risk.
The extra-greedyness added is still limited by the end tag matched
(cherry picked from commit 4a9965fc100f1414d3be0845138fd66981b0ba31)