Merge branch 'kvakil-kvakil-xss'
* kvakil-kvakil-xss:
  fixed cross-site scripting attack
Sumukh committed Oct 5, 2016
2 parents 9a7b112 + 9db2dc6 commit c6c0e67
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion server/__init__.py
Expand Up @@ -8,6 +8,7 @@
from flask_wtf.csrf import CsrfProtect
from webassets.loaders import PythonLoader as PythonAssetsLoader
from werkzeug.contrib.fixers import ProxyFix
from jinja2 import escape

from server import assets, converters, utils
from server.forms import CSRFForm
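
Review bot: The added `from jinja2 import escape` takes `escape` from jinja2, where it is only a re-export of `markupsafe.escape`; that alias was deprecated in Jinja2 3.0 and removed in 3.1, so this import breaks on upgrade. Import it from its home package instead, `from markupsafe import escape`, alongside wherever `Markup` is imported. As a style point, the new line sits after the werkzeug import while the visible third-party imports are otherwise in alphabetical order.
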
Expand Down Expand Up @@ -108,7 +109,7 @@ def not_found_error(error):
})

app.jinja_env.filters.update({
'markdown': lambda data: Markup(markdown(data)),
'markdown': lambda data: Markup(markdown(escape(data))),
'pluralize': utils.pluralize
})

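Review bot: In the 'markdown' filter, `escape(data)` runs on the raw source before `markdown()` parses it, which changes the Markdown itself: a leading `>` no longer starts a blockquote, and `&`, `<`, `>` and quotes inside code spans and code blocks come out double-escaped (for example `&amp;lt;`), because Markdown escapes them again. It also leaves everything `markdown()` generates untouched, so the URLs it emits for links and images are not restricted by this change. Consider sanitizing the rendered HTML with an allowlist-based HTML sanitizer (bleach is one option) before wrapping it in `Markup`, and add a test that passes a script tag, a blockquote and a code span through the filter so the intended output is pinned down.
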