fileboard: fix possible XSS (mainly applicable to 8chan)

This commit is contained in:
czaks 2015-04-23 03:45:08 +02:00
parent b5370fd3e5
commit 271dcb7a65
2 changed files with 2 additions and 2 deletions

View File

@ -98,7 +98,7 @@
<td>
<select name="tag">
{% for id, tag in config.allowed_tags %}
<option value="{{ id }}">{{ tag }}</option>
<option value="{{ id|e }}">{{ tag|e }}</option>
{% endfor %}
</select>
</td>

View File

@ -9,7 +9,7 @@
<td>{% include 'post/name.html' %}
{% include 'post/flag.html' %}
<td>[<a href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>]
<td>{% if post.modifiers['tag'] %}[{{ post.modifiers['tag'] }}]{% endif %}
<td>{% if post.modifiers['tag'] %}[{{ post.modifiers['tag']|e }}]{% endif %}
<td>{% include 'post/subject.html' %}
{% if post.sticky %}
{% if config.font_awesome %}