author | Gabriel Pérez-Cerezo <gabriel@gpcf.eu> | 2018-07-06 23:21:49 +0200 |
---|---|---|
committer | Gabriel Pérez-Cerezo <gabriel@gpcf.eu> | 2018-07-06 23:21:49 +0200 |
commit | 95679599de538a4833dd873f0630e5819b60db10 (patch) | |
tree | 3375de183cba882702a47ddf0f207589858ffec8 /templates/bug.html | |
parent | 5fe8f5636768201db4703124aefd1378871c8429 (diff) | |
download | hemiptera-95679599de538a4833dd873f0630e5819b60db10.tar.gz hemiptera-95679599de538a4833dd873f0630e5819b60db10.tar.bz2 hemiptera-95679599de538a4833dd873f0630e5819b60db10.zip |
prevent html injection
Diffstat (limited to 'templates/bug.html')
-rw-r--r-- | templates/bug.html | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/templates/bug.html b/templates/bug.html
index 7f58780..fc891fa 100644
--- a/templates/bug.html
+++ b/templates/bug.html
@@ -11,17 +11,17 @@
 <h1><a href="/"> Hemiptera Bugtracker at {{DOMAIN}}</a></h1>
 <h2><a href="/{{prname}}" >{{prname}}</a></h2>
 <h3 class="subject" > 
- {{ replies[0]["Subject"] }} 
+ {{ replies[0]["Subject"]|e }}
 </h3>
 Send replies to <a href="mailto:{{ bug.id }}@{{ DOMAIN }}" >{{ bug.id }}@{{ DOMAIN }}</a>
 </header>
 {% for i in replies %}
 <div class="container">
 <div class="date {% if i["From"] == replies[0]["From"] %}op{% endif %}{% if i["From"] in devs %}dev{% endif %}"> 
- <img class="avatar" src="{{ i["Avatar"] }}" alt="avatar" /> From: {% if i["From"] == replies[0]["From"] %} OP {% elif i["From"] in devs %} Developer {% else %} Someone else {% endif %}<br> {{ i["Date"] }} 
+ <img class="avatar" src="{{ i["Avatar"] }}" alt="avatar" /> From: {% if i["From"] == replies[0]["From"] %} OP {% elif i["From"] in devs %} Developer {% else %} Someone else {% endif %}<br> {{ i["Date"] |e}}
 </div>
 <div class="reply"> 
-<p>{{ i.get_body("plain").get_content().replace("\n", "</p><p>") }}</p> 
+<p>{{ i.get_body("plain").get_content()|e|replace("\n", "</p><p>") }}</p>
 </div>
 </div>
 {% endfor %}
@@ -30,7 +30,7 @@
 <div class="status-header date">
 <img class="avatar" src="/static/excl.png" alt="avatar" />
 <b>Status Update</b> <br> 
- {{ bug.closeddate }} 
+ {{ bug.closeddate|e}}
 </div>
 <div class="status-message reply">
 <i>This bug was closed.</i> |
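Review bot: The rewritten `<img>` line in the first hunk escapes `{{ i["Date"] }}` but still interpolates `{{ i["Avatar"] }}` into the `src` attribute without `|e`, so the same unescaped path the commit is closing remains open through that attribute; it should read `src="{{ i["Avatar"]|e }}"`. That `|e` has to be added expression by expression suggests autoescaping is disabled for this template Environment; if so, turning it on (Jinja's `autoescape=True` or `select_autoescape` on the Environment) would also cover the context-line expressions `{{prname}}` and `{{ bug.id }}`, whose provenance is not visible in this hunk and should be checked. The order `|e|replace("\n", "</p><p>")` on the `<p>` line is correct, since escaping after inserting the paragraph tags would neutralise them; a short comment above that line, `{# escape first, then insert paragraph breaks #}`, would keep a later edit from swapping the filters. The enclosing `<header>` element opens outside the hunk.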