tcms.handlers module

class tcms.handlers.SafeJSONRPCHandler(request, entry_point)

Bases: modernrpc.handlers.jsonhandler.JSONRPCHandler

static escape_dict(result_dict)
static escape_list(result_list)
execute_procedure(name, args=None, kwargs=None)

HTML-escape every string before returning it to the client, which may well be the web UI. This prevents XSS attacks on pages that display whatever is in the DB (e.g. tags, components).
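The escaping step described above, as a standalone sketch added here (it is not the Kiwi TCMS source). It borrows the names escape_dict and escape_list from the listing; escape_result, SAMPLE_RESULT and the recursion into nested containers are assumptions made for illustration.

```python
import html


def escape_dict(result_dict):
    """Return a copy of the dict with every string value HTML-escaped.

    Keys are left as-is: in this sketch they are assumed to be field
    names chosen by the server, not user-controlled data.
    """
    return {key: escape_result(value) for key, value in result_dict.items()}


def escape_list(result_list):
    """Return a copy of the list with every string item HTML-escaped."""
    return [escape_result(item) for item in result_list]


def escape_result(result):
    """Escape an RPC result of any JSON type; non-strings pass through."""
    if isinstance(result, str):
        # html.escape defaults to quote=True, so " and ' are escaped too,
        # which matters when a value lands inside an HTML attribute.
        return html.escape(result)
    if isinstance(result, dict):
        return escape_dict(result)
    if isinstance(result, (list, tuple)):
        return escape_list(result)
    return result  # int, float, bool, None


# Constructed sample: rows a tag-listing procedure might return from the DB.
SAMPLE_RESULT = [
    {"id": 1, "name": "<script>alert(1)</script>", "cases": [10, 11]},
    {"id": 2, "name": 'R&D "smoke"', "meta": {"owner": "<b>qa</b>", "active": True}},
]

if __name__ == "__main__":
    for row in escape_result(SAMPLE_RESULT):
        print(row)
```

Escaping is not idempotent: a client that escapes these values a second time (for example a template engine with autoescaping enabled) will display the entities literally, so each consumer needs to know the RPC layer already escaped them.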