authorÉtienne Loks <etienne.loks@peacefrogs.net>2010-11-27 19:09:37 +0100
committerÉtienne Loks <etienne.loks@peacefrogs.net>2010-11-27 19:09:37 +0100
commit9938ec566e87fe66cd8e91576fefbfbcadddd9c3 (patch)
tree50aba593f62f4b05cd23ecb2be4395a7ffd2b1bb /chimere/templates/welcome.html
parent30c05dafd18c1c6670453a0fecbedef21cae9ddf (diff)
Use a sanitize filter to correct a security issue (closes #283)
Diffstat (limited to 'chimere/templates/welcome.html')
-rw-r--r--chimere/templates/welcome.html3
1 files changed, 2 insertions, 1 deletions
diff --git a/chimere/templates/welcome.html b/chimere/templates/welcome.html
index 8206c18..d568851 100644
--- a/chimere/templates/welcome.html
+++ b/chimere/templates/welcome.html
@@ -1,4 +1,5 @@
{% load i18n %}
+{% load sanitize %}
<div id='welcome' {% if not display %}style='display:None'{%endif%}>
<h2>{% trans "Welcome to Chimère"%}</h2>
<div id='detail_content'>
@@ -12,7 +13,7 @@
{% else %}
<h3>{{news.name}} &ndash; {{ news.start_date }}{% if news.end_date %} - {{ news.end_date }}{% endif %}</h3>
{% for property in news.getProperties %}
- <p id='{{news.propertymodel.getNamedId}}'>{{ property.value|safe }}</p>
+ <p id='{{news.propertymodel.getNamedId}}'>{{ property.value|sanitize:"p b a:href ul li ol h1 h2 h3 h4"|safe }}</p>
{% endfor %}
<p class='marker_link'><a href='{{ news.get_absolute_url }}'>{% trans "See it on the map"%}</a></p>
{% endif %}
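Review bot: The allowlist on the changed `<p>` line permits `a:href`, and the result is still marked `|safe`, so the page's protection now rests entirely on what the `sanitize` filter does with attribute values. Nothing in this diff shows the filter's implementation; if it only checks tag and attribute names, an `href` with a non-http scheme such as `javascript:` would pass through unchanged, so it is worth confirming that it restricts `href` to an explicit scheme allowlist (for example http, https and mailto). I would also add a template comment next to the expression, `{# property.value is user-supplied HTML: sanitize must stay before safe, and its tag list is the only allowlist #}`, so that a later edit does not reorder or drop the filter. The diffstat here is limited to welcome.html; any other template that renders `property.value` with `|safe` needs the same filter, and a regression test for #283 that feeds a disallowed tag and a disallowed `href` scheme through the template would pin the behaviour.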