diff options
-rw-r--r-- | askbot/templates/users.html | 2 | ||||
-rw-r--r-- | askbot/utils/functions.py | 3 | ||||
-rw-r--r-- | askbot/views/commands.py | 2 |
3 files changed, 4 insertions, 3 deletions
diff --git a/askbot/templates/users.html b/askbot/templates/users.html index 5ab4c28a..14e07f7f 100644 --- a/askbot/templates/users.html +++ b/askbot/templates/users.html @@ -63,7 +63,7 @@ <div class="clearfix"></div> </div> {% if search_query %} - <p>{% trans %}users matching query {{search_query}}:{% endtrans %}</p> + <p>{% trans search_query=search_query|escape %}users matching query {{search_query}}:{% endtrans %}</p> {% endif %} {% if not users.object_list %} <p><span>{% trans %}Nothing found.{% endtrans %}</span></p> diff --git a/askbot/utils/functions.py b/askbot/utils/functions.py index 592dcf43..ba9df877 100644 --- a/askbot/utils/functions.py +++ b/askbot/utils/functions.py @@ -3,6 +3,7 @@ import random import datetime from django.utils.translation import ugettext as _ from django.utils.translation import ungettext +from django.utils.html import escape def get_from_dict_or_object(source, key): try: @@ -158,7 +159,7 @@ def setup_paginator(context): next_page_number = None return { - "base_url": context["base_url"], + "base_url": escape(context["base_url"]), "is_paginated": context["is_paginated"], "previous": previous_page_number, "has_previous": page_object.has_previous(), diff --git a/askbot/views/commands.py b/askbot/views/commands.py index 207a0615..dee8d1e4 100644 --- a/askbot/views/commands.py +++ b/askbot/views/commands.py @@ -699,7 +699,7 @@ def subscribe_for_tags(request): else: message = _( 'Tag subscription was canceled (<a href="%(url)s">undo</a>).' - ) % {'url': request.path + '?tags=' + request.REQUEST['tags']} + ) % {'url': escape(request.path) + '?tags=' + request.REQUEST['tags']} request.user.message_set.create(message = message) return HttpResponseRedirect(reverse('index')) else: |