Fix unsanitised text vulnerability in post/fileinfo.html

This commit is contained in:
Michael Walker 2014-07-05 21:54:21 +01:00
parent 9df6ca8ddd
commit 8aff83bdd4

View File

@ -22,7 +22,7 @@
{% if config.show_filename and file.filename %}
,
{% if file.filename|length > config.max_filename_display %}
<span class="postfilename" title="{{ file.filename|e }}">{{ file.filename|truncate_filename(config.max_filename_display)|bidi_cleanup }}</span>
<span class="postfilename" title="{{ file.filename|e|bidi_cleanup }}">{{ file.filename|truncate_filename(config.max_filename_display)|bidi_cleanup }}</span>
{% else %}
<span class="postfilename">{{ file.filename|e|bidi_cleanup }}</span>
{% endif %}