From b451c65f29cd7b18d48f8d6be33e7e0043fa4940 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@peacefrogs.net>
Date: Mon, 6 Dec 2010 17:17:25 +0100
Subject: Correct a security issue in RSS feeds (closes #286)

---
 chimere/rss/templates/rss_descr.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/chimere/rss/templates/rss_descr.html b/chimere/rss/templates/rss_descr.html
index 5cd842a..7915383 100644
--- a/chimere/rss/templates/rss_descr.html
+++ b/chimere/rss/templates/rss_descr.html
@@ -1,7 +1,8 @@
 {% load i18n %}
+{% load sanitize %}
 <div id='detail_content'>
 {% if obj.picture %}<img src='{{obj.picture.url}}' alt="{{obj.name}}"/>{%endif%}
 <div>{% for property in obj.getProperties %}
-<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|safe }}</p>
+<p id='{{property.propertymodel.getNamedId}}'>{{ property.value|sanitize:"p b a:href ul li ol h1 h2 h3 h4"|safe }}</p>
 {% endfor %}</div>
 </div>
-- 
cgit v1.2.3