Fixed possible cross site scripting (XSS) attack on moderate comments page.

This commit is contained in:
Maurits van Rees 2016-05-30 09:43:25 +02:00
parent 085567431f
commit e1dbaef82a
2 changed files with 2 additions and 2 deletions

View File

@ -14,7 +14,7 @@ New features:
Bug fixes:
- *add item here*
- Fixed possible cross site scripting (XSS) attack on moderate comments page. [maurits]

View File

@ -110,7 +110,7 @@
tal:content="item/in_response_to" />
</td>
<td>
<span tal:replace="structure item/Description" />
<span tal:replace="item/Description" />
<a href=""
tal:attributes="href string:${item/getURL}/getText"
tal:condition="python:item.Description.endswith('[...]')"