author | Étienne Loks <etienne.loks@peacefrogs.net> | 2010-12-06 17:17:25 +0100 |
---|---|---|
committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2010-12-06 17:17:25 +0100 |
commit | 95552c53b84f18d0d3fd8581dd65737245cb7c53 (patch) | |
tree | ef98bd8fe084f137a5bcf482c8af34730e0153a6 | |
parent | e79a5d739d1a3253a88fac3f66f6a41e6dfd9d80 (diff) | |
Correct a security issue in RSS feeds (closes #286)
-rw-r--r-- | chimere/rss/templates/rss_descr.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chimere/rss/templates/rss_descr.html b/chimere/rss/templates/rss_descr.html
index 5cd842a..8d4d225 100644
--- a/chimere/rss/templates/rss_descr.html
+++ b/chimere/rss/templates/rss_descr.html
@@ -2,6 +2,6 @@
 <div id='detail_content'>
 {% if obj.picture %}<img src='{{obj.picture.url}}' alt="{{obj.name}}"/>{%endif%}
 <div>{% for property in obj.getProperties %}
-<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|safe }}</p>
+<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|sanitize:"p b a:href ul li ol h1 h2 h3 h4"|safe }}</p>
 {% endfor %}</div>
 </div> |
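Review bot: The allow-list on the `property.value` line keeps `a:href`, and because the result is still marked `|safe`, the feed's safety now rests entirely on the `sanitize` filter. Nothing visible here shows that the filter restricts `href` to expected URL schemes (http, https, mailto) or strips unlisted attributes from the allowed tags, so both should be confirmed in the filter and pinned with a test. The hunk starts at line 2 of the template, so the `{% load %}` line for the library that provides `sanitize` is outside the view; presumably it is on line 1, but without it the feed would fail to render. The tag list is also hard-coded in the template, so I would define it once (a setting or a filter default) and add a comment such as `{# allow-list for user-supplied property HTML; output is marked safe, so every tag and attribute here must be harmless #}`. If other templates render `property.value` with a bare `|safe`, they likely need the same treatment.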