author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2012-06-16 03:27:20 -0400 |
---|---|---|
committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2012-06-16 03:27:20 -0400 |
commit | 073bedd716fca9c4d08175ec1cc6947c87ad0636 (patch) | |
tree | 87032f8324e5b65c9ee79fd2c4edc6c5be28f5bf /askbot/utils/html.py | |
parent | 7cafe4b7a02c79f574862f7abbb56c194734fee0 (diff) | |
added spammy to the test content set and protected code from such input
Diffstat (limited to 'askbot/utils/html.py')
-rw-r--r-- | askbot/utils/html.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/askbot/utils/html.py b/askbot/utils/html.py
index 1ce3ad35..2e3c1913 100644
--- a/askbot/utils/html.py
+++ b/askbot/utils/html.py
@@ -5,6 +5,7 @@ import re
 import htmlentitydefs
 from urlparse import urlparse
 from django.core.urlresolvers import reverse
+from django.utils.html import escape
 class HTMLSanitizerMixin(sanitizer.HTMLSanitizerMixin):
 acceptable_elements = ('a', 'abbr', 'acronym', 'address', 'b', 'big',
@@ -62,7 +63,7 @@ def site_link(url_name, title):
 from askbot.conf import settings
 base_url = urlparse(settings.APP_URL)
 url = base_url.scheme + '://' + base_url.netloc + reverse(url_name)
- return '<a href="%s">%s</a>' % (url, title)
+ return '<a href="%s">%s</a>' % (url, escape(title))
 def unescape(text):
 """source: http://effbot.org/zone/re-sub.htm#unescape-html |
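Review bot: In the second hunk, `site_link` now escapes `title` but still interpolates `url` into the `href` attribute raw. The value is built from `settings.APP_URL` and `reverse(url_name)`, so it is presumably not user-controlled, but escaping it as well, `return '<a href="%s">%s</a>' % (escape(url), escape(title))`, keeps the attribute well-formed if the configured base URL ever contains a quote or an ampersand. A short docstring stating that `title` is treated as plain text and HTML-escaped would also warn callers that pre-escaped markup passed in will now be double-escaped. The `def site_link` line sits above the hunk, so any existing docstring is not visible here.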