Merge pull request from vichan-devel/vichan#230 from antedeguemon/master Fixed XSS in post edit page and modsearch, this is a partial merge of just modsearch, we already fixed the edit post escaping earlier.

This commit is contained in:
Benjamin Southall 2017-06-08 08:11:18 +09:00
parent 13f856189b
commit 19e6658bc1

View File

@ -224,7 +224,7 @@
<a class="email" href="mailto:{{ post.email }}">
{% endif %}
{% set capcode = post.capcode|capcode %}
<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name }}</span>
<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name|e }}</span>
{% if post.trip|length > 0 %}
<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
{% endif %}
@ -239,7 +239,7 @@
</td>
<td style="max-width:250px">
{% if post.subject %}
<small>{{ post.subject }}</small>
<small>{{ post.subject|e }}</small>
{% else %}
&ndash;
{% endif %}