Fixed possible cross site scripting (XSS) attack on moderate comments page.

2016-05-30 09:43:25 +02:00 · 2016-05-30 09:43:25 +02:00 · e1dbaef82a
commit e1dbaef82a
parent 085567431f
2 changed files with 2 additions and 2 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -14,7 +14,7 @@ New features:

 Bug fixes:

- *add item here*
+- Fixed possible cross site scripting (XSS) attack on moderate comments page.  [maurits]



--- a/plone/app/discussion/browser/moderation.pt
+++ b/plone/app/discussion/browser/moderation.pt
@ -110,7 +110,7 @@
                                       tal:content="item/in_response_to" />
                                </td>
                                <td>
-                                    <span tal:replace="structure item/Description" />
+                                    <span tal:replace="item/Description" />
                                    <a href=""
                                       tal:attributes="href string:${item/getURL}/getText"
                                       tal:condition="python:item.Description.endswith('[...]')"