Bug#853189: tracker.debian.org: Encoding issue / Code injection through Maintainer field (and probably others)
Mattia Rizzolo:
> On Mon, Jan 30, 2017 at 03:43:44PM +0100, Dominik George wrote:
>> tracker.debian.org apparently has encoding issues, not of the “schei�
>> encoding” kind, but it even seems to break the HTML completely and even
>> introduces new elements into the DOM in some way…
>>
>> أحمد المحمودي (Ahmed El-Mahmoudy), e.g., in the Maintainer field of
>> python-whoosh [1] triggers the issue in the “testing migrations” pane
>> (but not in the Maintainer field itself…).
>
> That's coming from the excuses.yaml coming from
> https://release.debian.org/britney/excuses.yaml (debian-release CCed):
>
> [...]
Sorry, but I am afraid that is incorrect.
* excuses.yaml is valid UTF-8 AFAICT
* tracker.d.o does *not* import excuses.yaml but update_excuses.html
(as far as I am informed at least)
* Even update_excuses.html is valid UTF-8 (but it uses a "meta
http-equiv" tag to declare that rather than an HTTP header).
So I am not (yet?) convinced that the problem is on the d-release side.
Thanks,
~Niels
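
The two separate questions raised in the reply above (are the bytes valid UTF-8, and where is the charset declared) can be checked as follows. This is an added example, not code from tracker.debian.org or britney; the sample page, the function names and the ISO-8859-1 fallback for a consumer that ignores the meta tag are assumptions made for illustration.

```python
import re
from email.message import Message

NAME = "أحمد المحمودي (Ahmed El-Mahmoudy)"  # Maintainer string quoted in the report
# Constructed sample page (not real update_excuses.html content): the charset
# is declared only in a meta http-equiv tag, as described above.
SAMPLE_HTML = (
    '<html><head><meta http-equiv="Content-Type" '
    'content="text/html; charset=utf-8"></head>'
    f"<body><li>Maintainer: {NAME}</li></body></html>"
).encode("utf-8")

META_RE = re.compile(rb'<meta[^>]+charset=["\']?([A-Za-z0-9_-]+)', re.I)


def is_valid_utf8(raw: bytes) -> bool:
    """True only if every byte sequence decodes under strict UTF-8."""
    try:
        raw.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False


def header_charset(content_type):
    """Charset parameter of a Content-Type header value, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_content_charset()


def meta_charset(raw: bytes):
    """Charset named in a meta tag near the start of the document, or None."""
    m = META_RE.search(raw[:1024])
    return m.group(1).decode("ascii").lower() if m else None


def decode_page(raw, content_type, honour_meta=True, fallback="iso-8859-1"):
    """Pick a charset (header, then meta, then fallback) and decode with it."""
    charset = header_charset(content_type)
    if charset is None and honour_meta:
        charset = meta_charset(raw)
    charset = charset or fallback
    return charset, raw.decode(charset, errors="replace")
```

With a header of `text/html` and no charset parameter, a consumer that honours the meta tag recovers the name intact, while one that skips it (`honour_meta=False`) decodes the same valid bytes into mojibake.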