Mercurial > hgrepos > DevTools > mercurial-extensions

diff extensions/kwarchive.py @ 130:c3397e670063

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Docu: drop a note why templates are not supported in keyword definitions
author Franz Glasner <hg@dom66.de>
date Sat, 18 Aug 2018 18:48:45 +0200
parents 51a4f1f5df09
children 91077014c7b7
line wrap: on
line diff
--- a/extensions/kwarchive.py	Sat Aug 18 18:30:18 2018 +0200
+++ b/extensions/kwarchive.py	Sat Aug 18 18:48:45 2018 +0200
@@ -60,6 +60,11 @@
 A non-existing ``.hgkwarchive`` file deactivates keyword expansion as does
 an empty ``[patterns]`` section.
 
+.. note:: Because the keyword expansion is defined in a *versioned* file
+          no templating is supported here. This could lead to remote
+          code execution secnarios because Mercurial templates can execute
+          a big bunch of Python functions.
+
 """
 
 from __future__ import absolute_import