An XSS fix has been fixed on Allura in the 'master' git branch. It is advisable for anyone running allura to update to the latest. Details at https://sourceforge.net/p/allura/tickets/7528/
The fix included moving from the old feedparser library to the newer maintained html5lib, for our HTML sanitization. This does have some minor differences in terms of HTML output, but none that I've found to be significant. -- Dave Brondsema : [email protected] http://www.brondsema.net : personal http://www.splike.com : programming <><
