fixed some xss issues

author: Evgeny Fadeev <evgeny.fadeev@gmail.com> 2013-05-07 23:59:42 -0400
committer: Evgeny Fadeev <evgeny.fadeev@gmail.com> 2013-05-07 23:59:42 -0400
commit: a676a86b6b7a5737d4da4f59f71e037406f88d29 (patch)
tree: c937dec0997b7a961785f239e46c43a9e9135709 /askbot/utils/functions.py
parent: 8ac806f3fd19e2cc08643560432b8bc2f99f6497 (diff)
download: askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.gz
askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.bz2
askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/askbot/utils/functions.py b/askbot/utils/functions.py
index 592dcf43..ba9df877 100644
--- a/askbot/utils/functions.py
+++ b/askbot/utils/functions.py
@@ -3,6 +3,7 @@ import random
 import datetime
 from django.utils.translation import ugettext as _
 from django.utils.translation import ungettext
+from django.utils.html import escape
 
 def get_from_dict_or_object(source, key):
     try:
@@ -158,7 +159,7 @@ def setup_paginator(context):
             next_page_number = None
 
         return {
-            "base_url": context["base_url"],
+            "base_url": escape(context["base_url"]),
             "is_paginated": context["is_paginated"],
             "previous": previous_page_number,
             "has_previous": page_object.has_previous(),
author	Evgeny Fadeev <evgeny.fadeev@gmail.com>	2013-05-07 23:59:42 -0400
committer	Evgeny Fadeev <evgeny.fadeev@gmail.com>	2013-05-07 23:59:42 -0400
commit	a676a86b6b7a5737d4da4f59f71e037406f88d29 (patch)
tree	c937dec0997b7a961785f239e46c43a9e9135709 /askbot/utils/functions.py
parent	8ac806f3fd19e2cc08643560432b8bc2f99f6497 (diff)
download	askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.gz askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.bz2 askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.zip