kashire/lainchan
4
0
Fork 0
Code Issues 9 Pull Requests Releases Wiki Activity

fileboard: fix possible XSS (mainly applicable to 8chan)

Browse Source
This commit is contained in:
czaks 2015-04-23 03:45:08 +02:00
parent b5370fd3e5
commit 271dcb7a65
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
templates/post_form.html
View File

@ -98,7 +98,7 @@
<td> <td>
<select name="tag"> <select name="tag">
{% for id, tag in config.allowed_tags %} {% for id, tag in config.allowed_tags %}
<option value="{{ id }}">{{ tag }}</option> <option value="{{ id|e }}">{{ tag|e }}</option>
{% endfor %} {% endfor %}
</select> </select>
</td> </td>

2
templates/post_thread_fileboard.html
View File

@ -9,7 +9,7 @@
<td>{% include 'post/name.html' %} <td>{% include 'post/name.html' %}
{% include 'post/flag.html' %} {% include 'post/flag.html' %}
<td>[<a href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>] <td>[<a href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>]
<td>{% if post.modifiers['tag'] %}[{{ post.modifiers['tag'] }}]{% endif %} <td>{% if post.modifiers['tag'] %}[{{ post.modifiers['tag']|e }}]{% endif %}
<td>{% include 'post/subject.html' %} <td>{% include 'post/subject.html' %}
{% if post.sticky %} {% if post.sticky %}
{% if config.font_awesome %} {% if config.font_awesome %}