
Commit d33d3cd

authored
Merge pull request #3095 from modoboa/fix/xss_profile_form
Fixed XSS vulnerability when displaying form error messages.
2 parents 1bf2932 + 540b27a commit d33d3cd


2 files changed

+3
-3
lines changed


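--- a/modoboa/static/js/twocols_nav.js
+++ b/modoboa/static/js/twocols_nav.js
@@ -30,7 +30,7 @@ TwocolsNav.prototype = {
 listen: function() {
 $("a.ajaxnav").click($.proxy(this.load_section, this));
 $(document).on("click", "#update", $.proxy(function(e) {
-var $form = $("form").first();
+var $form = $(e.target).closest("form");
 simple_ajax_form_post(e, {
 formid: $form.attr("id"),
 modal: false,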
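Review bot: `$(e.target).closest("form")` yields an empty set when the clicked `#update` control is not a descendant of a `<form>`, and the following lines then pass `formid: undefined` to `simple_ajax_form_post`; the previous `$("form").first()` found a form whenever the page had one. Whether any template places `#update` outside its form is not visible here, so that should be confirmed. A guard such as `if (!$form.length) { return; }` right after the lookup would make that case explicit, and a comment like `// post the form that owns the clicked button, not the first form on the page` would record why the lookup changed. The `listen` body continues outside the hunk.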

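--- a/modoboa/templates/common/generic_field.html
+++ b/modoboa/templates/common/generic_field.html
@@ -12,7 +12,7 @@
 {% endif %}
 </label>
 {% endif %}
-
+
 <div class="{% render_field_width field %}">
 {% if appended_text %}
 <div class="input-group">
@@ -31,7 +31,7 @@
 {% if field.errors %}
 <p class="help-block">
 {% for error in field.errors %}
-{{ error|safe }}
+{{ error }}
 {% endfor %}
 </p>
 {% endif %}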
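Review bot: Removing `|safe` from `{{ error }}` in the `field.errors` loop escapes only error strings that are not already marked safe, so a validator or form `clean` method that wraps interpolated user input in `mark_safe` would still render markup here; those call sites are outside this diff and should be checked. The fix also relies on autoescaping being active for this template, which is presumably the default since no `{% autoescape %}` block is visible in the hunk. A regression test that submits a field value containing markup and asserts the response carries the escaped text would keep the filter from being reintroduced. A template comment such as `{# error text can echo user input; do not mark it safe #}` above the loop would document the intent.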
