kashire/lainchan
4
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Merge pull request #70 from Barrucadu/title-injection

Browse Source 
Fix unsanitised text vulnerability in post/fileinfo.html
This commit is contained in:
Marcin Łabanowski 2014-07-05 23:01:37 +02:00
commit fcf3863d47
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
templates/post/fileinfo.html
View File

@ -22,7 +22,7 @@
{% if config.show_filename and file.filename %} {% if config.show_filename and file.filename %}
, ,
{% if file.filename|length > config.max_filename_display %} {% if file.filename|length > config.max_filename_display %}
<span class="postfilename" title="{{ file.filename|e }}">{{ file.filename|truncate_filename(config.max_filename_display)|bidi_cleanup }}</span> <span class="postfilename" title="{{ file.filename|e|bidi_cleanup }}">{{ file.filename|truncate_filename(config.max_filename_display)|bidi_cleanup }}</span>
{% else %} {% else %}
<span class="postfilename">{{ file.filename|e|bidi_cleanup }}</span> <span class="postfilename">{{ file.filename|e|bidi_cleanup }}</span>
{% endif %} {% endif %}