strip html tags in nickname save field

rosedu · Mar 28, 2013 · 7664cbc · 7664cbc
1 parent fe6b68b
commit 7664cbc
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/wouso/interface/profile/views.py b/wouso/interface/profile/views.py
@@ -7,6 +7,7 @@
 from django.http import Http404, HttpResponse, HttpResponseBadRequest
 from django.shortcuts import render_to_response, get_object_or_404, redirect
 from django.template import RequestContext
+from django.utils.html import strip_tags
 from wouso.core.god import God
 from wouso.core.user.models import Player, PlayerGroup, Race
 from wouso.core.scoring.models import History
@@ -34,7 +35,7 @@ class Meta:
         def clean_nickname(self):
             if Player.objects.exclude(id=self.instance.id).filter(nickname=self.cleaned_data['nickname']).count():
                 raise ValidationError("Nickname is used")
-            self.cleaned_data['nickname'] = self.cleaned_data['nickname'].strip().replace(' ', '_')
+            self.cleaned_data['nickname'] = strip_tags(self.cleaned_data['nickname'].strip().replace(' ', '_'))
             return self.cleaned_data['nickname']