Correct a security issue in RSS feeds (closes #286)

author: Étienne Loks <etienne.loks@peacefrogs.net> 2010-12-06 17:17:25 +0100
committer: Étienne Loks <etienne.loks@peacefrogs.net> 2010-12-06 17:28:02 +0100
commit: b451c65f29cd7b18d48f8d6be33e7e0043fa4940 (patch)
tree: 111cae8d2e15d76ffc70099e19401ec2e63d76f2
parent: e79a5d739d1a3253a88fac3f66f6a41e6dfd9d80 (diff)
download: Chimère-b451c65f29cd7b18d48f8d6be33e7e0043fa4940.tar.bz2
Chimère-b451c65f29cd7b18d48f8d6be33e7e0043fa4940.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/chimere/rss/templates/rss_descr.html b/chimere/rss/templates/rss_descr.html
index 5cd842a..7915383 100644
--- a/chimere/rss/templates/rss_descr.html
+++ b/chimere/rss/templates/rss_descr.html
@@ -1,7 +1,8 @@
 {% load i18n %}
+{% load sanitize %}
 <div id='detail_content'>
 {% if obj.picture %}<img src='{{obj.picture.url}}' alt="{{obj.name}}"/>{%endif%}
 <div>{% for property in obj.getProperties %}
-<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|safe }}</p>
+<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|sanitize:"p b a:href ul li ol h1 h2 h3 h4"|safe }}</p>
 {% endfor %}</div>
 </div>
author	Étienne Loks <etienne.loks@peacefrogs.net>	2010-12-06 17:17:25 +0100
committer	Étienne Loks <etienne.loks@peacefrogs.net>	2010-12-06 17:28:02 +0100
commit	b451c65f29cd7b18d48f8d6be33e7e0043fa4940 (patch)
tree	111cae8d2e15d76ffc70099e19401ec2e63d76f2
parent	e79a5d739d1a3253a88fac3f66f6a41e6dfd9d80 (diff)
download	Chimère-b451c65f29cd7b18d48f8d6be33e7e0043fa4940.tar.bz2 Chimère-b451c65f29cd7b18d48f8d6be33e7e0043fa4940.zip