Disable unsafe directives when rendering READMEs

rst_to_html is called by get_readme_to_display, which processes unsafe data; so it should not allow inclusion of arbitrary files or arbitrary HTML.

Found thanks to this Sentry issue: https://sentry.softwareheritage.org/organizations/swh/issues/9247/


Migrated from D7323 (view on Phabricator)
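
The effect of disabling these directives, as an added example that is not code from this merge request: it assumes the RST rendering is done with docutils, whose `file_insertion_enabled` and `raw_enabled` settings control file inclusion and raw HTML. The names `render_readme`, `demo`, `SAFE_SETTINGS` and `QUIET` are hypothetical, and the README and included file are constructed sample data.

```python
import os
import tempfile

from docutils.core import publish_parts

# Keep docutils diagnostics out of stderr and out of the rendered page,
# and never abort rendering on a bad directive.
QUIET = {"report_level": 5, "halt_level": 5}

# docutils switches for rendering untrusted input.
SAFE_SETTINGS = {
    "file_insertion_enabled": False,  # include, and :file: on raw / csv-table
    "raw_enabled": False,             # the raw directive (arbitrary HTML)
}


def render_readme(rst, hardened=True):
    """Render untrusted RST to an HTML fragment."""
    overrides = dict(QUIET)
    if hardened:
        overrides.update(SAFE_SETTINGS)
    parts = publish_parts(rst, writer_name="html", settings_overrides=overrides)
    return parts["html_body"]


def demo():
    """Render one constructed README with default and hardened settings."""
    # Constructed stand-in for a file that lives on the rendering server.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("CONSTRUCTED-SERVER-SIDE-CONTENT\n")
    readme = (
        "Project\n=======\n\n"
        f".. include:: {fh.name}\n\n"
        ".. raw:: html\n\n"
        '   <div id="constructed-raw">passed through unescaped</div>\n'
    )
    try:
        default_html = render_readme(readme, hardened=False)
        hardened_html = render_readme(readme, hardened=True)
    finally:
        os.unlink(fh.name)
    return default_html, hardened_html


if __name__ == "__main__":
    for label, html in zip(("default", "hardened"), demo()):
        print(f"--- {label} ---\n{html}")
```

With the default settings the local file's content and the raw `<div>` both appear in the output; with the hardened settings both directives are dropped and only the title is rendered.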