Merge pull request #98 from plone/maurits-xss-master

Fixed possible cross site scripting attack on moderate comments page [master]
2016-06-06 10:10:57 +02:00 · 2016-06-06 10:10:57 +02:00 · 43ea783824
commit 43ea783824
parent 085567431f e1dbaef82a
2 changed files with 2 additions and 2 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -14,7 +14,7 @@ New features:
 Bug fixes:
- *add item here*
+- Fixed possible cross site scripting (XSS) attack on moderate comments page.  [maurits]
--- a/plone/app/discussion/browser/moderation.pt
+++ b/plone/app/discussion/browser/moderation.pt
@ -110,7 +110,7 @@
                                       tal:content="item/in_response_to" />
                                </td>
                                <td>
-                                    <span tal:replace="structure item/Description" />
+                                    <span tal:replace="item/Description" />
                                    <a href=""
                                       tal:attributes="href string:${item/getURL}/getText"
                                       tal:condition="python:item.Description.endswith('[...]')"
`@ -14,7 +14,7 @@ New features:`

	`Bug fixes:`	`Bug fixes:`

	`- add item here`	`- Fixed possible cross site scripting (XSS) attack on moderate comments page. [maurits]`