Merge pull request #98 from plone/maurits-xss-master
Fixed possible cross site scripting attack on moderate comments page [master]
This commit is contained in:
commit
43ea783824
@ -14,7 +14,7 @@ New features:
|
|||||||
|
|
||||||
Bug fixes:
|
Bug fixes:
|
||||||
|
|
||||||
- *add item here*
|
- Fixed possible cross site scripting (XSS) attack on moderate comments page. [maurits]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -110,7 +110,7 @@
|
|||||||
tal:content="item/in_response_to" />
|
tal:content="item/in_response_to" />
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<span tal:replace="structure item/Description" />
|
<span tal:replace="item/Description" />
|
||||||
<a href=""
|
<a href=""
|
||||||
tal:attributes="href string:${item/getURL}/getText"
|
tal:attributes="href string:${item/getURL}/getText"
|
||||||
tal:condition="python:item.Description.endswith('[...]')"
|
tal:condition="python:item.Description.endswith('[...]')"
|
||||||
|
Loading…
Reference in New Issue
Block a user