Fixed XSS issue in antispam
authorThomas Waldmann <tw AT waldmann-edv DOT de>
Tue, 27 Jan 2009 21:17:55 +0100
changeset 385489b91bf87dad
parent 3853 83bdb8f78bce
child 3855 5c4043e651b3
Fixed XSS issue in antispam
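--- a/MoinMoin/security/antispam.py	Sat Jan 24 05:33:07 2009 +0100
+++ b/MoinMoin/security/antispam.py	Tue Jan 27 21:17:55 2009 +0100
@@ -185,7 +185,7 @@
                         # Log error and raise SaveError, PageEditor should handle this.
                         _ = editor.request.getText
                         msg = _('Sorry, can not save page because "%(content)s" is not allowed in this wiki.') % {
-                                'content': match.group()
+                                  'content': wikiutil.escape(match.group())
                               }
                         logging.info(msg)
                         raise editor.SaveError(msg)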
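Review bot: `logging.info(msg)` now records the HTML-escaped form of the rejected content, because `wikiutil.escape()` is applied while `msg` is built rather than only on the string shown to the user. For log review it is more useful to keep the raw match, e.g. `logging.info("antispam rejected content: %r", match.group())`, and pass the escaped `msg` only to `editor.SaveError`; `%r` also keeps embedded control characters from breaking up the log entry. The fix relies on whatever displays `SaveError` treating the message as already-escaped markup (presumably PageEditor, per the existing comment), so a short comment above `msg = ...` such as `# user-controlled text: escape here, the message is emitted as HTML` would make that contract explicit. The enclosing function and the module imports lie outside the hunk, so the availability of `wikiutil` in this file is assumed.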