XSS fix for 'firstof' in folder template
plumdog committed Jun 15, 2015
1 parent 5de2c69 commit 7bdf210
Showing 1 changed file with 6 additions and 1 deletion.
Expand Up @@ -14,7 +14,12 @@
{% endaddtoblock %}


{% firstof object.title object.folder.name %}
{# Does not use `firstof` as pre Django1.8, `firstof` does not escape its output. #}
{% if object.title %}
{{ object.title }}
{% else %}
{{ object.folder.name }}
{% endif %}

{% if object.view_option == "list" %}
<div class="cmsplugin_filer_folder_list" id="folder_{{ instance.id }}">
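Review bot: the `{% else %}` branch prints `{{ object.folder.name }}` unconditionally, so when `object.title` is empty and the folder name is also empty or `None` the output differs from the old `firstof`, which printed nothing if neither value was truthy. Using `{% elif object.folder.name %}` in place of the bare `{% else %}` would keep the old fallback behaviour while still going through `{{ }}`. The escaping now depends on autoescape being enabled where this template is rendered, which the visible lines do not show, so it is worth confirming there is no enclosing `{% autoescape off %}`. The commit touches one file and adds no test; a regression test that renders the folder plugin with a title and a folder name containing markup and asserts the escaped form appears in the output would stop this from regressing if someone restores `firstof`. Minor: the template comment reads better as "Django 1.8", and noting that the workaround can be dropped once older versions are no longer supported would help future maintainers.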