escaping on all fields

f0x52 2017-04-17 22:30:14 +02:00
parent 641b694d59
commit e3b3e1601c


@ -7,7 +7,7 @@
{% trans %}Name{% endtrans %} {% trans %}Name{% endtrans %}
</th> </th>
<td> <td>
<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name }}"> <input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name|e }}">
</td> </td>
</tr> </tr>
<tr> <tr>
@ -15,7 +15,7 @@
{% trans %}Email{% endtrans %} {% trans %}Email{% endtrans %}
</th> </th>
<td> <td>
<input type="text" name="email" size="25" maxlength="40" autocomplete="off" value="{{ post.email }}"> <input type="text" name="email" size="25" maxlength="40" autocomplete="off" value="{{ post.email|e }}">
</td> </td>
</tr> </tr>
<tr> <tr>
@ -32,7 +32,7 @@
{% trans %}Comment{% endtrans %} {% trans %}Comment{% endtrans %}
</th> </th>
<td> <td>
<textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body }}{% else %}{{ post.body_nomarkup }}{% endif %}</textarea> <textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body|e }}{% else %}{{ post.body_nomarkup|e }}{% endif %}</textarea>
</td> </td>
</tr> </tr>
</table> </table>
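Review bot: Escaping is applied field by field with `|e`, so any output in this form that the commit did not touch stays unescaped; template lines 22–31 fall between the second and third hunks and are not shown, and if another input lives there (a subject field, for example) it needs the same filter. Wrapping the form in an `{% autoescape 'html' %}` block, or enabling autoescape in the Twig environment, would make escaping the default, and Twig does not double-escape an explicit `|e` under autoescape. The default html strategy is sufficient here only because every `value` attribute is double-quoted and the body is emitted as textarea text, so the quotes must stay. It is also worth confirming that the handler rendering this template does not already HTML-encode `post.name`, `post.email` or `post.body_nomarkup`, since that would now appear as double-encoded entities in the edit form and be saved back on submit.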