From 95552c53b84f18d0d3fd8581dd65737245cb7c53 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@peacefrogs.net>
Date: Mon, 6 Dec 2010 17:17:25 +0100
Subject: Correct a security issue in RSS feeds (closes #286)

---
 chimere/rss/templates/rss_descr.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chimere/rss/templates/rss_descr.html b/chimere/rss/templates/rss_descr.html
index 5cd842a..8d4d225 100644
--- a/chimere/rss/templates/rss_descr.html
+++ b/chimere/rss/templates/rss_descr.html
@@ -2,6 +2,6 @@
 <div id='detail_content'>
 {% if obj.picture %}<img src='{{obj.picture.url}}' alt="{{obj.name}}"/>{%endif%}
 <div>{% for property in obj.getProperties %}
-<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|safe }}</p>
+<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|sanitize:"p b a:href ul li ol h1 h2 h3 h4"|safe }}</p>
 {% endfor %}</div>
 </div>
-- 
cgit v1.2.3