fixed some xss issues
evgenyfadeev committed May 8, 2013
1 parent 8ac806f commit a676a86
Showing 3 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion askbot/templates/users.html
Expand Up @@ -63,7 +63,7 @@ <h1 class="section-title">
<div class="clearfix"></div>
</div>
{% if search_query %}
<p>{% trans %}users matching query {{search_query}}:{% endtrans %}</p>
<p>{% trans search_query=search_query|escape %}users matching query {{search_query}}:{% endtrans %}</p>
{% endif %}
{% if not users.object_list %}
<p><span>{% trans %}Nothing found.{% endtrans %}</span></p>
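Review bot: The `|escape` filter on the `search_query=` argument of the `trans` block fixes this one interpolation, but it is a per-site fix: any other `{% trans %}` block in the templates that interpolates a request-derived value (search terms, tag names, display names) has the same exposure, presumably because the trans block does not autoescape its variables — the hunk itself does not show the engine's autoescape setting. A one-line template comment would tell the next editor why the filter is there and that it must be kept, e.g. `{# search_query is user input; escape it explicitly, trans does not autoescape it #}`. The enclosing markup of this section starts above the hunk.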
3 changes: 2 additions & 1 deletion askbot/utils/functions.py
Expand Up @@ -3,6 +3,7 @@
import datetime
from django.utils.translation import ugettext as _
from django.utils.translation import ungettext
from django.utils.html import escape

def get_from_dict_or_object(source, key):
try:
Expand Down Expand Up @@ -158,7 +159,7 @@ def setup_paginator(context):
next_page_number = None

return {
"base_url": context["base_url"],
"base_url": escape(context["base_url"]),
"is_paginated": context["is_paginated"],
"previous": previous_page_number,
"has_previous": page_object.has_previous(),
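Review bot: `escape(context["base_url"])` in the returned dict HTML-escapes the value at the point where the paginator context is built, so every template that renders `base_url` now receives pre-escaped text; whether that matches what the templates do with it (no second escaping, and no use of the value outside HTML text such as inside a script string) cannot be seen from this hunk. A comment on that line would make the contract explicit, e.g. `# base_url may be reflected from the request; pre-escaped here because templates render it as-is`. `setup_paginator` begins above the hunk and the origin of `context["base_url"]` is not shown, so where the untrusted part enters remains an assumption.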
2 changes: 1 addition & 1 deletion askbot/views/commands.py
Expand Up @@ -699,7 +699,7 @@ def subscribe_for_tags(request):
else:
message = _(
'Tag subscription was canceled (<a href="%(url)s">undo</a>).'
) % {'url': request.path + '?tags=' + request.REQUEST['tags']}
) % {'url': escape(request.path) + '?tags=' + request.REQUEST['tags']}
request.user.message_set.create(message = message)
return HttpResponseRedirect(reverse('index'))
else:
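Review bot: The new line escapes only `request.path`; `request.REQUEST['tags']` is still concatenated raw into the `href` of the message, so user-supplied tag text reaches the HTML unescaped, and the undo link also breaks on characters that are special in a query string. Building the URL first and escaping the whole result, with the query value URL-encoded, covers both: `) % {'url': escape(request.path + '?' + urlencode({'tags': request.REQUEST['tags']}))}` with `from django.utils.http import urlencode` (or `urllib.urlencode`) added to the file's imports. `subscribe_for_tags` starts above the hunk; the branch that reads `tags` on the success path is not visible here and may need the same treatment.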
