changeset 4512:89b91bf87dad

Fixed XSS issue in antispam
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 27 Jan 2009 21:17:55 +0100
parents 83bdb8f78bce
children 4832d31195bb 5c4043e651b3
files MoinMoin/security/antispam.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/security/antispam.py	Sat Jan 24 05:33:07 2009 +0100
+++ b/MoinMoin/security/antispam.py	Tue Jan 27 21:17:55 2009 +0100
@@ -185,7 +185,7 @@
                         # Log error and raise SaveError, PageEditor should handle this.
                         _ = editor.request.getText
                         msg = _('Sorry, can not save page because "%(content)s" is not allowed in this wiki.') % {
-                                'content': match.group()
+                                  'content': wikiutil.escape(match.group())
                               }
                         logging.info(msg)
                         raise editor.SaveError(msg)