# HG changeset patch
# User Brian Neal
# Date 1261454137 0
# Node ID 6a5bdcf93ad3c9ff308cbd9991b2f424db002803
# Parent 445e1466a98dd6d23be0e23d74ad1e177b4eeb41
Fix #48; shoutbox was no longer escaping user input on display.

diff -r 445e1466a98d -r 6a5bdcf93ad3 gpp/shoutbox/models.py
--- a/gpp/shoutbox/models.py Tue Dec 22 03:31:43 2009 +0000
+++ b/gpp/shoutbox/models.py Tue Dec 22 03:55:37 2009 +0000
@@ -5,7 +5,7 @@
 from django.db import models
 from django.contrib.auth.models import User
-from django.utils.html import urlize
+from django.utils.html import escape, urlize
 from smiley import smilify_html
@@ -31,7 +31,7 @@
 def save(self, *args, **kwargs):
 if not self.id:
 self.shout_date = datetime.datetime.now()
- self.html = urlize(smilify_html(self.shout), trim_url_limit=15,
+ self.html = urlize(smilify_html(escape(self.shout)), trim_url_limit=15,
 nofollow=True)
 super(Shout, self).save(*args, **kwargs)
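Review bot: The `html` field is only rebuilt inside `save()`, so shouts stored while escaping was missing keep their unescaped markup until each row is saved again. The commit shows no data migration, so a one-off re-save of the existing `Shout` rows belongs with this fix (assuming the templates render `html` as trusted output, which is not visible here). The changed line in the second hunk also deserves a comment pinning the call order, e.g. `# escape() must run first; smilify_html() and urlize() then add markup that must stay unescaped`. A regression test that saves a shout containing `<b>` and asserts `&lt;b&gt;` appears in `html` would stop this from silently regressing again. The enclosing `Shout` class starts outside the hunk.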