
Escape some things.

1 parent a755033 commit 69c984aa54d87c6def1f3bfdb990faab607ddaad @brianloveswords brianloveswords committed Apr 26, 2013
Showing with 5 additions and 5 deletions.
  1. +1 −1 views/admin/login.html
  2. +4 −4 views/public/claim.html
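--- a/views/admin/login.html
+++ b/views/admin/login.html
@@ -15,7 +15,7 @@
 <form method="post" action="/login" class="js-persona-form">
 <input type="hidden" name="assertion" value="" class="js-persona-input">
 <input type="hidden" name="csrf" value="{{ csrf }}">
- <input type="hidden" name="path" value="{{ path }}">
+ <input type="hidden" name="path" value="{{ path | e }}">
 </form>
 {% endblock %}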
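Review bot: Escaping `path` in the hidden input closes the attribute-breakout problem, but the value is still a client-controlled post-login destination, so the `/login` handler should also confirm server-side that the posted `path` is a local, relative path before redirecting to it. That handler is not part of this diff, so treat this as something to confirm rather than a demonstrated defect. Separately, `{{ csrf }}` on the line above (and again in views/public/claim.html) is still emitted without a filter; it is presumably server-generated, but writing `value="{{ csrf | e }}"` keeps every attribute interpolation in these forms escaped without depending on the token's alphabet. The enclosing block starts above the hunk.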
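--- a/views/public/claim.html
+++ b/views/public/claim.html
@@ -14,17 +14,17 @@
 <h3>What's your claim code?</h3>
 </hgroup>
 <p class="notice">Spaces, dashes and lettercase don't matter, just type in the words</p>
-
+
 <form method="post" class="claim-form" action="">
 {% if missing %}
 <p><strong class="error">Sorry, could not find a badge with that code.</strong></p>
 {% endif %}
-
+
 <input id="name" type="hidden" name="csrf" value="{{ csrf }}">
- <input tabindex="1" type="text" name="code" placeholder="Enter your claim code" class="input" value="{{ code | default('') }}">
+ <input tabindex="1" type="text" name="code" placeholder="Enter your claim code" class="input" value="{{ code | default('') | e }}">
 <input tabindex="2" type="submit" value="Get your badge!" class="button">
 </form>
-
+
 </div>
 </div>
 {% endblock %}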
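Review bot: The `code` input is fixed by appending `| e` by hand, which leaves escaping opt-in, so the next template that echoes request data into an attribute will have the same reflected-markup problem until someone remembers the filter. If the template environment offers autoescaping, turning it on globally and marking the few deliberately trusted values with `safe` would make escaping the default instead of a per-variable habit. It would also be worth a regression test that posts a claim code containing `"` and `<` and asserts that the re-rendered `value` attribute holds the encoded form. The three `-`/`+` pairs on otherwise empty lines appear to be whitespace-only changes and could be split out so that the security fix stands alone in the history.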
