From cdd8307f993968830b8fe46f0e5d9d3c2d02cfcc Mon Sep 17 00:00:00 2001 From: hernani Date: Sat, 17 Mar 2012 15:52:27 +0000 Subject: [PATCH] This should fix a security problem reported by Kousuke Ebihara. Thanks git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1234 0cfe37f9-358a-4d5e-be75-b63607b5c754 --- forum/utils/html.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/forum/utils/html.py b/forum/utils/html.py index 441f1f2..256a2d8 100644 --- a/forum/utils/html.py +++ b/forum/utils/html.py @@ -1,6 +1,7 @@ """Utilities for working with HTML.""" #import html5lib from html5lib import sanitizer, serializer, tokenizer, treebuilders, treewalkers, HTMLParser +from urllib import quote_plus from django.utils.html import strip_tags from forum.utils.html2text import HTML2Text from django.utils.safestring import mark_safe @@ -50,7 +51,7 @@ def sanitize_html(html): return u''.join(output_generator) def cleanup_urls(url): - return strip_tags(url) + return quote_plus(strip_tags(url)) def html2text(s, ignore_tags=(), indent_width=4, page_width=80): -- 2.39.5