Skip to content
Snippets Groups Projects
Commit 25cf39da authored by asadazam93's avatar asadazam93
Browse files

Clean XSS in lms template

parent c515b357
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
AUTHORS
+ 1
0
View file @ 25cf39da
......@@ -290,3 +290,4 @@ Matt Tuchfarber <mtuchfarber@edx.org>
Stuart Young <syoung@edx.org>
Michael Youngstrom <myoungstrom@edx.org>
Sahar Markovich <sahar.markovich@gmail.com>
Asad Azam <asadazam93@gmail.com>
openedx/core/djangoapps/debug/views.py
+ 2
1
View file @ 25cf39da
......@@ -3,6 +3,7 @@ Views that are only activated when the project is running in development mode.
These views will NOT be shown on production: trying to access them will result
in a 404 error.
"""
import bleach
from django.http import HttpResponseNotFound
from django.template import TemplateDoesNotExist
from django.utils.translation import ugettext as _
......@@ -52,4 +53,4 @@ def show_reference_template(request, template):
return render_to_response(template, context)
except TemplateDoesNotExist:
return HttpResponseNotFound('Missing template {template}'.format(template=template))
return HttpResponseNotFound('Missing template {template}'.format(template=bleach.clean(template, strip=True)))
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment