| commit | a9f68c5e291adef832311c5ce5ae72f07c1f57d2 | |
| author | mtredinnick <mtredinnick@bcc190cf-cafb-0310-a4f2-bffc1f526a37> | |
| Tue, 26 Aug 2008 07:56:32 +0000 (26 07:56 +0000) | ||
| committer | mtredinnick <mtredinnick@bcc190cf-cafb-0310-a4f2-bffc1f526a37> | |
| Tue, 26 Aug 2008 07:56:32 +0000 (26 07:56 +0000) | ||
| tree | 44adb32e840ffc583de843f4670590482be48eea | treesnapshot (tar.gz zip) |
| parent | 12f463edee2361f92ddee8110c1ca1e41686b444 | commitdiff |
Fixed #7177 -- Added extra robustness to the escapejs filter so that all
invalid characters are correctly escaped. This avoids any chance to inject raw
HTML inside <script> tags. Thanks to Mike Wiacek for the patch and Collin Grady
for the tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
invalid characters are correctly escaped. This avoids any chance to inject raw
HTML inside <script> tags. Thanks to Mike Wiacek for the patch and Collin Grady
for the tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8577 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| django/template/defaultfilters.py | diffblobblamehistory | |
| tests/regressiontests/templates/filters.py | diffblobblamehistory |