
fix markdown safe XSS vulnerability

1 parent 26a223b commit cf5585141408d6dcf3ced0c033fcebc114d79b67 @bryanhelmig bryanhelmig committed Mar 13, 2012
Showing with 4 additions and 3 deletions.
  1. +1 −0 MANIFEST
  2. +1 −1 knowledge/__init__.py
  3. +2 −2 knowledge/templates/django_knowledge/thread.html
@@ -26,6 +26,7 @@ knowledge/templates/django_knowledge/mod_bar.html
knowledge/templates/django_knowledge/sidebar.html
knowledge/templates/django_knowledge/thread.html
knowledge/templates/django_knowledge/welcome.html
+knowledge/templates/django_knowledge/emails/base.html
knowledge/templates/django_knowledge/emails/message.html
knowledge/templatetags/__init__.py
knowledge/templatetags/knowledge_tags.py
@@ -1 +1 @@
-VERSION = (0, 0, 5)
+VERSION = (0, 0, 6)
@@ -22,7 +22,7 @@ <h5>{{ question.get_name }} <span class="quiet">
&nbsp;{{ question.added }}
</span></h5>
- {{ question.body|markdown }}
+ {{ question.body|markdown:"safe" }}
{% include "django_knowledge/mod_bar.html" with allowed_mods=allowed_mods.question type="question" node=question %}
</div>
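Review bot: The `markdown:"safe"` argument on `question.body` here, and on `response.body` in the next hunk, makes the fix depend entirely on Python-Markdown's safe mode as exposed by the installed Django markup filter, and nothing in this commit pins or checks those versions. As far as I recall, older Python-Markdown releases could not turn off the attribute syntax under safe mode, and safe mode was later deprecated upstream in favour of a dedicated HTML sanitizer, so the package metadata should state the minimum supported versions. A rendering test should also assert that a body containing raw HTML comes out stripped or escaped. Only thread.html is visible in this commit, so any other template that passes a user-supplied body through `|markdown` should be checked for the same argument. A template comment next to each filter, such as `{# body is user-supplied: keep markdown:"safe" #}`, would help stop the argument being dropped in a later edit.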
@@ -47,7 +47,7 @@ <h5>{{ response.get_name }} <span class="quiet">
&nbsp;{{ response.added }}
</span></h5>
- {{ response.body|markdown }}
+ {{ response.body|markdown:"safe" }}
{% include "django_knowledge/mod_bar.html" with allowed_mods=allowed_mods.response type="response" node=response %}
</div>
