From e1dbaef82a801c58576057564ab3689dba983c15 Mon Sep 17 00:00:00 2001
From: Maurits van Rees <maurits@vanrees.org>
Date: Mon, 30 May 2016 09:43:25 +0200
Subject: [PATCH] Fixed possible cross site scripting (XSS) attack on moderate
 comments page.

---
 CHANGES.rst                                | 2 +-
 plone/app/discussion/browser/moderation.pt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index a10ba9f..c54fd67 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,7 +14,7 @@ New features:
 
 Bug fixes:
 
-- *add item here*
+- Fixed possible cross site scripting (XSS) attack on moderate comments page.  [maurits]
 
 
 
diff --git a/plone/app/discussion/browser/moderation.pt b/plone/app/discussion/browser/moderation.pt
index 39ae1f0..d89fff0 100644
--- a/plone/app/discussion/browser/moderation.pt
+++ b/plone/app/discussion/browser/moderation.pt
@@ -110,7 +110,7 @@
                                        tal:content="item/in_response_to" />
                                 </td>
                                 <td>
-                                    <span tal:replace="structure item/Description" />
+                                    <span tal:replace="item/Description" />
                                     <a href=""
                                        tal:attributes="href string:${item/getURL}/getText"
                                        tal:condition="python:item.Description.endswith('[...]')"