Correct a security issue in RSS feeds (closes #286)

author: Étienne Loks <etienne.loks@peacefrogs.net> 2010-12-06 17:17:25 +0100
committer: Étienne Loks <etienne.loks@peacefrogs.net> 2010-12-06 17:17:25 +0100
commit: 95552c53b84f18d0d3fd8581dd65737245cb7c53 (patch)
tree: ef98bd8fe084f137a5bcf482c8af34730e0153a6
parent: e79a5d739d1a3253a88fac3f66f6a41e6dfd9d80 (diff)
download: Chimère-95552c53b84f18d0d3fd8581dd65737245cb7c53.tar.bz2
Chimère-95552c53b84f18d0d3fd8581dd65737245cb7c53.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/chimere/rss/templates/rss_descr.html b/chimere/rss/templates/rss_descr.html
index 5cd842a..8d4d225 100644
--- a/chimere/rss/templates/rss_descr.html
+++ b/chimere/rss/templates/rss_descr.html
@@ -2,6 +2,6 @@
 <div id='detail_content'>
 {% if obj.picture %}<img src='{{obj.picture.url}}' alt="{{obj.name}}"/>{%endif%}
 <div>{% for property in obj.getProperties %}
-<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|safe }}</p>
+<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|sanitize:"p b a:href ul li ol h1 h2 h3 h4"|safe }}</p>
 {% endfor %}</div>
 </div>
author	Étienne Loks <etienne.loks@peacefrogs.net>	2010-12-06 17:17:25 +0100
committer	Étienne Loks <etienne.loks@peacefrogs.net>	2010-12-06 17:17:25 +0100
commit	95552c53b84f18d0d3fd8581dd65737245cb7c53 (patch)
tree	ef98bd8fe084f137a5bcf482c8af34730e0153a6
parent	e79a5d739d1a3253a88fac3f66f6a41e6dfd9d80 (diff)
download	Chimère-95552c53b84f18d0d3fd8581dd65737245cb7c53.tar.bz2 Chimère-95552c53b84f18d0d3fd8581dd65737245cb7c53.zip