Commits for galt

v337_base to v338_preview (2016-08-15 to 2016-08-22) v338

2817400f77ca691cedbc23df32154f00c0a4a77f Wed Aug 17 22:14:46 2016 -0700

• This commit refs #17815, #17782. Addressing XSS issues in warn and errAbort via new htmlSafef and encoding for several cases including html, attribrute, css, js, url or none. Encoding approach is based on OWASP recommendations.
  
  • src/hg/encode/hgEncodeVocab/hgEncodeVocab.c - lines changed 1, context: html, text, full: html, text
  • src/hg/hgTables/filterFields.c - lines changed 1, context: html, text, full: html, text
  • src/hg/hgTables/identifiers.c - lines changed 6, context: html, text, full: html, text
  • src/hg/hgTracks/hgTracks.c - lines changed 1, context: html, text, full: html, text
  • src/hg/lib/cartJson.c - lines changed 1, context: html, text, full: html, text
  • src/hg/lib/hui.c - lines changed 5, context: html, text, full: html, text
  • src/inc/htmshell.h - lines changed 29, context: html, text, full: html, text
  • src/lib/htmshell.c - lines changed 583, context: html, text, full: html, text

38990114981b7e195d33206edd471797038c6557 Thu Aug 18 11:16:36 2016 -0700

• Fixing XSS. Changed output from just printf to warn() which gets properly encoded output.
  
  • src/hg/hgc/hgc.c - lines changed 1, context: html, text, full: html, text

d26a087dff59f4e4493e4ce2cf7d5b1ae145fdf3 Thu Aug 18 12:15:52 2016 -0700

• adding back commits reverted earlier that got lost in the final merge. XSS fixes.
  
  • src/hg/lib/cart.c - lines changed 1, context: html, text, full: html, text
  • src/hg/lib/hgFind.c - lines changed 1, context: html, text, full: html, text
  • src/inc/htmshell.h - lines changed 3, context: html, text, full: html, text