XSS escape cms/templates/component.html

2016-03-23 15:31:25 -04:00
parent 7922dcbb9c
commit 53a2960941
1 changed files with 2 additions and 1 deletions
--- a/cms/templates/component.html
+++ b/cms/templates/component.html
@@ -1,3 +1,4 @@
+<%page expression_filter="h"/>
 <%! from django.utils.translation import ugettext as _ %>
 <%namespace name='static' file='static_content.html'/>

@@ -27,4 +28,4 @@
    </ul>
 </div>
 <span data-tooltip="${_("Drag to reorder")}" class="drag-handle action"></span>
-${preview}
+${preview | n}