added escapes in some template outputs

author: Evgeny Fadeev <evgeny.fadeev@gmail.com> 2014-04-17 13:52:13 -0300
committer: Evgeny Fadeev <evgeny.fadeev@gmail.com> 2014-04-17 13:52:13 -0300
commit: f177e505a9c1d6ceb984f52d256ec6c653aab7f5 (patch)
tree: e6e20e7e5293d9839c305d53a736de4352659e22
parent: 27738dbd35d2a2d8d0fc71be61a4192c6dc200f1 (diff)
download: askbot-f177e505a9c1d6ceb984f52d256ec6c653aab7f5.tar.gz
askbot-f177e505a9c1d6ceb984f52d256ec6c653aab7f5.tar.bz2
askbot-f177e505a9c1d6ceb984f52d256ec6c653aab7f5.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/askbot/templates/macros.html b/askbot/templates/macros.html
index a17c808e..699bd7f3 100644
--- a/askbot/templates/macros.html
+++ b/askbot/templates/macros.html
@@ -643,7 +643,7 @@ for the purposes of the AJAX comment editor #}
 
 {%- macro user_full_location(user) -%}
     {% if user.location %}
-        {{ user.location }},
+        {{ user.location|escape }},
     {% endif %}
     {{ user_country_name_and_flag(user) }}
 {%- endmacro -%}
diff --git a/askbot/templates/user_profile/user_info.html b/askbot/templates/user_profile/user_info.html
index 93f1660f..6a9ff91e 100644
--- a/askbot/templates/user_profile/user_info.html
+++ b/askbot/templates/user_profile/user_info.html
@@ -125,7 +125,7 @@
     </div>
     <div class="col3 user-about">
     {% if view_user.about and (not view_user.is_blocked()) %}
-        {{view_user.about|linebreaks}}
+        {{view_user.about|linebreaks|escape}}
     {% endif %}
     </div>
 </div>
author	Evgeny Fadeev <evgeny.fadeev@gmail.com>	2014-04-17 13:52:13 -0300
committer	Evgeny Fadeev <evgeny.fadeev@gmail.com>	2014-04-17 13:52:13 -0300
commit	f177e505a9c1d6ceb984f52d256ec6c653aab7f5 (patch)
tree	e6e20e7e5293d9839c305d53a736de4352659e22
parent	27738dbd35d2a2d8d0fc71be61a4192c6dc200f1 (diff)
download	askbot-f177e505a9c1d6ceb984f52d256ec6c653aab7f5.tar.gz askbot-f177e505a9c1d6ceb984f52d256ec6c653aab7f5.tar.bz2 askbot-f177e505a9c1d6ceb984f52d256ec6c653aab7f5.zip