Also escape quotes. Fix XSS bug.

Rafiot committed Aug 31, 2012
1 parent b90063f commit c0f1898f1860ceab2a2176e4a43ff1b898b54adb
Showing with 1 addition and 1 deletion.
  1. +1 −1 website/master.py
@@ -130,7 +130,7 @@ def escape(self, var):
"""
Escape input
"""
- return cgi.escape(var)
+ return cgi.escape(var, True)
def reset_if_empty(self, to_check = None):
"""
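
Review bot: On the changed return in escape(), `cgi.escape(var, True)` adds only the double quote (`"` becomes `&quot;`) to the escaped set; the single quote still passes through unchanged, so a value written into a single-quoted HTML attribute is not covered by this fix. Either confirm that every attribute rendering this value is double-quoted, or also replace `'` with `&#x27;` in this method. Passing the flag by name, `cgi.escape(var, quote=True)`, would make the intent clear at the call site, and the docstring "Escape input" should say that this is HTML escaping and which output contexts it is safe for.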
