small tweaks in content cleaning

2 files changed, 4 insertions, 3 deletions

diff --git a/askbot/views/commands.py b/askbot/views/commands.py
index 83f62b34..e343c85e 100644
--- a/askbot/views/commands.py
+++ b/askbot/views/commands.py
@@ -14,6 +14,7 @@ from django.forms import ValidationError, IntegerField, CharField
 from django.shortcuts import get_object_or_404
 from django.views.decorators import csrf
 from django.utils import simplejson
+from django.utils.html import escape
 from django.utils.translation import ugettext as _
 from django.utils.translation import string_concat
 from askbot import models
@@ -576,7 +577,7 @@ def api_get_questions(request):
     threads = threads.distinct()[:30]
     thread_list = [{
         'url': thread.get_absolute_url(),
-        'title': thread.title,
+        'title': escape(thread.title),
         'answer_count': thread.answer_count
     } for thread in threads]
     json_data = simplejson.dumps(thread_list)
diff --git a/askbot/views/readers.py b/askbot/views/readers.py
index d7e5cecc..f581ea82 100644
--- a/askbot/views/readers.py
+++ b/askbot/views/readers.py
@@ -164,7 +164,7 @@ def questions(request, **kwargs):
             },
             'paginator': paginator_html,
             'question_counter': question_counter,
-            'faces': [extra_tags.gravatar(contributor, 48) for contributor in contributors],
+            'faces': [],#[extra_tags.gravatar(contributor, 48) for contributor in contributors],
             'feed_url': context_feed_url,
             'query_string': search_state.query_string(),
             'page_size' : page_size,
@@ -172,7 +172,7 @@ def questions(request, **kwargs):
             'non_existing_tags': meta_data['non_existing_tags']
         }
         ajax_data['related_tags'] = [{
-            'name': tag.name,
+            'name': escape(tag.name),
             'used_count': humanize.intcomma(tag.local_used_count)
         } for tag in related_tags]