
API: add HTML escapes in displayed data

When accessing, for instance, a revision in the web API, the JSON data is not escaped.

Example: author -> fullname in https://archive.softwareheritage.org/api/1/revision/18d8be353ed3480476f032475e7c233eff7371d5/

This makes us vulnerable to code injections and should be fixed throughout the API views.
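As an added illustration of the fix this issue asks for (this is example code written for this page, not Software Heritage's own API or web code), the snippet below takes a constructed revision record whose author fullname carries HTML markup, shows that JSON serialisation leaves that markup intact, and escapes every string in the record before it is placed in an HTML view. The revision id is the one from the URL above; the author, committer and message values are constructed for the demonstration.

```python
import html
import json

# Constructed sample shaped like a revision record from the web API.
# The author/committer fullnames and the message deliberately carry markup
# so the effect of escaping is visible.
SAMPLE_REVISION = {
    "id": "18d8be353ed3480476f032475e7c233eff7371d5",  # id from the issue's URL
    "author": {
        "name": "Jane <script>alert(1)</script>",
        "email": "jane@example.org",
        "fullname": "Jane <script>alert(1)</script> <jane@example.org>",
    },
    "committer": {
        "name": "Jane",
        "email": "jane@example.org",
        "fullname": 'Jane "J" <jane@example.org>',
    },
    "message": "Fix <b>bug</b> & tidy up",
    "parents": [],
}


def escape_displayed_data(value):
    """Recursively HTML-escape every string in a JSON-like structure.

    Dicts and lists are walked; non-string leaves (ints, None, ...) are kept.
    quote=True also escapes double and single quotes, so the result is safe
    inside attribute values as well as element bodies.
    """
    if isinstance(value, str):
        return html.escape(value, quote=True)
    if isinstance(value, dict):
        return {k: escape_displayed_data(v) for k, v in value.items()}
    if isinstance(value, list):
        return [escape_displayed_data(v) for v in value]
    return value


def raw_json(revision):
    """What the API returns today: json.dumps does not HTML-escape strings."""
    return json.dumps(revision)


def render_author_html(revision):
    """Build the HTML fragment a view would display for the author.

    Escaping is applied exactly once, right before the value enters markup.
    """
    escaped = escape_displayed_data(revision)
    return '<span class="author">{}</span>'.format(escaped["author"]["fullname"])


def contains_raw_tag(text):
    """Cheap check used in tests: does a rendered value still carry a raw tag?"""
    return "<script" in text.lower() or "<b>" in text.lower()


if __name__ == "__main__":
    print("JSON as served:", raw_json(SAMPLE_REVISION))
    print("Escaped view:  ", render_author_html(SAMPLE_REVISION))
```

Note that the escaped copy is built only for display: the JSON body itself stays as the stored value, and the escaping happens once at the point where the string is put into HTML. Running `escape_displayed_data` a second time on already escaped data would turn `&lt;` into `&amp;lt;`, which is the classic double-escaping bug, so keep the call in the view layer rather than in both the serialiser and the template.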


Migrated from T640 (view on Phabricator)
