tag 767584 + patch
thanks

Hello,

please see the attached (rather trivial) patch. I looked up [1] which seemed the appropriate fix for this issue. My Python-Foo is not very strong, so please eventually take a closer look if this is the right fix.

Bye,
Simon

[1] https://docs.python.org/2/library/cgi.html

>From 7af4b228a3d352d4e14537ffa33cd1c3173fe505 Mon Sep 17 00:00:00 2001 From: Simon Kainz <ska...@debian.org> Date: Tue, 27 Jan 2015 14:06:14 +0100 Subject: [PATCH] add escaping for < and > charachters in bug title --- web/cgi-bin/bts-usertags.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/cgi-bin/bts-usertags.cgi b/web/cgi-bin/bts-usertags.cgi index 8c8e3d1..8229707 100755 --- a/web/cgi-bin/bts-usertags.cgi +++ b/web/cgi-bin/bts-usertags.cgi @@ -193,7 +193,7 @@ def tagged_bugs(user, tag): 'target': ('src:' if result.source == result.package else '') + result.package, }, - result.title, + cgi.escape(result.title), '<a href="?bug=%s">list usertags</a>' % result.id, attrs=attrs) tfoot() -- 2.1.4
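
Review bot: In the hunk at line 193 of tagged_bugs(), only result.title is escaped; the other values in the same call, result.package in the 'target' entry and result.id interpolated into the href of the "list usertags" link, are still emitted as they are. If either can carry user-supplied text, escape them as well, and for the value placed inside the href attribute use cgi.escape(..., quote=True), because the default call converts &, < and > but leaves double quotes alone. The diff shows no change to the imports, so confirm that bts-usertags.cgi already has "import cgi" at the top; otherwise this line raises NameError on the first request. The subject line mentions only < and >, while cgi.escape also rewrites &, which is worth stating in the commit message.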