changeset 162:6a5bdcf93ad3

Fix #48; shoutbox was no longer escaping user input on display.
author Brian Neal <bgneal@gmail.com>
date Tue, 22 Dec 2009 03:55:37 +0000
parents 445e1466a98d
children 4f07047e0a40
files gpp/shoutbox/models.py
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
--- a/gpp/shoutbox/models.py	Tue Dec 22 03:31:43 2009 +0000
+++ b/gpp/shoutbox/models.py	Tue Dec 22 03:55:37 2009 +0000
@@ -5,7 +5,7 @@
 
 from django.db import models
 from django.contrib.auth.models import User
-from django.utils.html import urlize
+from django.utils.html import escape, urlize
 
 from smiley import smilify_html
 
@@ -31,7 +31,7 @@
     def save(self, *args, **kwargs):
         if not self.id:
             self.shout_date = datetime.datetime.now()
-        self.html = urlize(smilify_html(self.shout), trim_url_limit=15, 
+        self.html = urlize(smilify_html(escape(self.shout)), trim_url_limit=15, 
                 nofollow=True)
         super(Shout, self).save(*args, **kwargs)
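Review bot: Escaping now happens only when `save()` runs, so any shout stored while the regression was live still has unescaped markup in its `html` column; those rows need to be re-saved, or `html` regenerated in a one-off pass, before the fix covers them. This assumes the templates output `html` without further escaping, which the hunk does not show. The call order is security-relevant and deserves a comment on the changed line, e.g. `# escape() first: html is stored as trusted markup; smilify_html/urlize add their tags afterwards`. Writes that bypass `save()`, such as `QuerySet.update()`, would skip the escaping as well. The rest of the `Shout` class lies outside the hunk.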