fixed some xss issues

author: Evgeny Fadeev <evgeny.fadeev@gmail.com> 2013-05-07 23:59:42 -0400
committer: Evgeny Fadeev <evgeny.fadeev@gmail.com> 2013-05-07 23:59:42 -0400
commit: a676a86b6b7a5737d4da4f59f71e037406f88d29 (patch)
tree: c937dec0997b7a961785f239e46c43a9e9135709 /askbot/views/commands.py
parent: 8ac806f3fd19e2cc08643560432b8bc2f99f6497 (diff)
download: askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.gz
askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.bz2
askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/askbot/views/commands.py b/askbot/views/commands.py
index 207a0615..dee8d1e4 100644
--- a/askbot/views/commands.py
+++ b/askbot/views/commands.py
@@ -699,7 +699,7 @@ def subscribe_for_tags(request):
             else:
                 message = _(
                     'Tag subscription was canceled (<a href="%(url)s">undo</a>).'
-                ) % {'url': request.path + '?tags=' + request.REQUEST['tags']}
+                ) % {'url': escape(request.path) + '?tags=' + request.REQUEST['tags']}
                 request.user.message_set.create(message = message)
             return HttpResponseRedirect(reverse('index'))
         else:
author	Evgeny Fadeev <evgeny.fadeev@gmail.com>	2013-05-07 23:59:42 -0400
committer	Evgeny Fadeev <evgeny.fadeev@gmail.com>	2013-05-07 23:59:42 -0400
commit	a676a86b6b7a5737d4da4f59f71e037406f88d29 (patch)
tree	c937dec0997b7a961785f239e46c43a9e9135709 /askbot/views/commands.py
parent	8ac806f3fd19e2cc08643560432b8bc2f99f6497 (diff)
download	askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.gz askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.tar.bz2 askbot-a676a86b6b7a5737d4da4f59f71e037406f88d29.zip