Clean XSS in lms template

This commit is contained in:
asadazam93
2018-12-28 15:27:02 +05:00
parent c515b3570e
commit 25cf39daa4
2 changed files with 3 additions and 1 deletions


@@ -290,3 +290,4 @@ Matt Tuchfarber <mtuchfarber@edx.org>
Stuart Young <syoung@edx.org>
Michael Youngstrom <myoungstrom@edx.org>
Sahar Markovich <sahar.markovich@gmail.com>
Asad Azam <asadazam93@gmail.com>


@@ -3,6 +3,7 @@ Views that are only activated when the project is running in development mode.
These views will NOT be shown on production: trying to access them will result
in a 404 error.
"""
import bleach
from django.http import HttpResponseNotFound
from django.template import TemplateDoesNotExist
from django.utils.translation import ugettext as _
@@ -52,4 +53,4 @@ def show_reference_template(request, template):
return render_to_response(template, context)
except TemplateDoesNotExist:
return HttpResponseNotFound('Missing template {template}'.format(template=template))
return HttpResponseNotFound('Missing template {template}'.format(template=bleach.clean(template, strip=True)))
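Review bot: `bleach.clean(template, strip=True)` on the last line silently drops any tag-like text from the 404 body, so a developer probing why a template name failed may see a truncated name rather than the one they requested; since the response is reflected as HTML, plain escaping is the conventional fix and keeps the full value visible, e.g. `from django.utils.html import escape` alongside the existing `django.http` import and `return HttpResponseNotFound('Missing template {template}'.format(template=escape(template)))`. That also avoids adding `bleach` as a dependency of this module just for one reflected string, which the `import bleach` hunk above introduces. If `bleach` is kept, a one-line comment such as `# template name comes from the URL and is reflected into an HTML body; sanitize before echoing` would record why the call is there. The enclosing `show_reference_template` starts outside the hunk, so whether `template` is validated earlier cannot be confirmed from here.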