Merge pull request from vichan-devel/vichan#230 from antedeguemon/master Fixed XSS in post edit page and modsearch, this is a partial merge of just modsearch, we already fixed the edit post escaping earlier.

7 years ago · 19e6658bc1
1 changed files with 2 additions and 2 deletions
--- a/templates/mod/search_results.html
+++ b/templates/mod/search_results.html
@ -224,7 +224,7 @@
 							<a class="email" href="mailto:{{ post.email }}">
 						{% endif %}
 						{% set capcode = post.capcode|capcode %}
-						<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name }}</span>
+						<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name|e }}</span>
 						{% if post.trip|length > 0 %}
 							<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
 						{% endif %}
@ -239,7 +239,7 @@
 				</td>
 				<td style="max-width:250px">
 					{% if post.subject %}
-						<small>{{ post.subject }}</small>
+						<small>{{ post.subject|e }}</small>
 					{% else %}
 						&ndash;
 					{% endif %}