Merge pull request sehmaschine#88 from laat/xss-fix

Fixed a XSS vulnerability
fengyibo · Mar 26, 2012 · 0f8aab9 · 0f8aab9
2 parents e9411db + a048946
commit 0f8aab9
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/filebrowser/templatetags/fb_tags.py b/filebrowser/templatetags/fb_tags.py
@@ -2,8 +2,6 @@
 
 # DJANGO IMPORTS
 from django import template
-from django.utils.encoding import smart_unicode
-from django.utils.safestring import mark_safe
 from django.utils.http import urlquote
 
 # FILEBROWSER IMPORTS
@@ -61,7 +59,7 @@ def get_query_string(p, new_params=None, remove=None):
             del p[k]
         elif v is not None:
             p[k] = v
-    return mark_safe('?' + '&'.join([u'%s=%s' % (k, urlquote(v)) for k, v in p.items()]).replace(' ', '%20'))
+    return '?' + '&'.join([u'%s=%s' % (urlquote(k), urlquote(v)) for k, v in p.items()])
 
 
 def string_to_dict(string):