Merge pull request #98 from plone/maurits-xss-master

Fixed possible cross site scripting attack on moderate comments page [master]
This commit is contained in:
Maurits van Rees 2016-06-06 10:10:57 +02:00
commit 43ea783824
2 changed files with 2 additions and 2 deletions

View File

@ -14,7 +14,7 @@ New features:
Bug fixes:
- *add item here*
- Fixed possible cross site scripting (XSS) attack on moderate comments page. [maurits]

View File

@ -110,7 +110,7 @@
tal:content="item/in_response_to" />
</td>
<td>
<span tal:replace="structure item/Description" />
<span tal:replace="item/Description" />
<a href=""
tal:attributes="href string:${item/getURL}/getText"
tal:condition="python:item.Description.endswith('[...]')"