Since we're marking the two-page extract as safe, we need to escape html-significant characters in the draft text explicitly.

- Legacy-Id: 3172
2011-06-08 19:25:34 +00:00 · 2011-06-08 19:25:34 +00:00 · 95898de070
parent d98d27dfa6
commit 95898de070
1 changed files with 4 additions and 4 deletions
--- a/ietf/submit/templatetags/submit_tags.py
+++ b/ietf/submit/templatetags/submit_tags.py
@ -2,7 +2,7 @@ import os

 from django import template
 from django.conf import settings
-from django.utils.html import mark_safe
+from django.utils.html import mark_safe, escape

 register = template.Library()

@ -25,15 +25,15 @@ def show_two_pages(context, two_pages, validation):
 def two_pages_decorated_with_validation(value, validation):
    pages = value.first_two_pages or ''
    if not 'revision' in validation.warnings.keys():
-        return mark_safe('<pre class="twopages" style="display: none;">%s</pre>' % pages)
+        return mark_safe('<pre class="twopages" style="display: none;">%s</pre>' % escape(pages))
    result = '<pre class="twopages" style="display: none;">\n'
    for line in pages.split('\n'):
        if line.find('%s-%s' % (value.filename, value.revision)) > -1:
            result += '</pre><pre class="twopages" style="display: none; background: red;">'
-            result += line
+            result += escape(line)
            result += '\n'
            result += '</pre><pre class="twopages" style="display: none;">\n'
        else:
-            result += line
+            result += escape(line)
            result += '\n'
    return mark_safe(result)