author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2013-05-07 23:59:42 -0400 |
---|---|---|
committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2013-05-07 23:59:42 -0400 |
commit | a676a86b6b7a5737d4da4f59f71e037406f88d29 (patch) | |
tree | c937dec0997b7a961785f239e46c43a9e9135709 /askbot/views/commands.py | |
parent | 8ac806f3fd19e2cc08643560432b8bc2f99f6497 (diff) | |
fixed some xss issues
Diffstat (limited to 'askbot/views/commands.py')
-rw-r--r-- | askbot/views/commands.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/askbot/views/commands.py b/askbot/views/commands.py
index 207a0615..dee8d1e4 100644
--- a/askbot/views/commands.py
+++ b/askbot/views/commands.py
@@ -699,7 +699,7 @@ def subscribe_for_tags(request):
 else:
 message = _(
 'Tag subscription was canceled (<a href="%(url)s">undo</a>).'
- ) % {'url': request.path + '?tags=' + request.REQUEST['tags']}
+ ) % {'url': escape(request.path) + '?tags=' + request.REQUEST['tags']}
 request.user.message_set.create(message = message)
 return HttpResponseRedirect(reverse('index'))
 else: |
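Review bot: On the added `) % {'url': ...}` line only `request.path` goes through `escape()`; `request.REQUEST['tags']` is still concatenated raw into the `href` of a message that carries HTML markup, so the request-supplied tag string remains an injection point if the message is rendered without autoescaping (the rendering is not visible here). The parameter should be URL-encoded and the assembled URL escaped as a whole, e.g. `) % {'url': escape(request.path + '?tags=' + urlquote(request.REQUEST['tags']))}` with `urlquote` from `django.utils.http`, assuming it is not already imported in this file. `subscribe_for_tags` begins and continues outside the hunk, so any earlier validation of `tags` cannot be confirmed from this view.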