Fixing #377. Killing XSS attacks by sanitizing feed titles.

Samuel Clay 2013-07-29 14:25:43 -07:00
parent 692f5c0ede
commit d49e9569a5


@ -18,7 +18,7 @@ from apps.push.models import PushSubscription
from apps.statistics.models import MAnalyticsFetcher
# from utils import feedparser
from utils import feedparser_trunk as feedparser
from utils.story_functions import pre_process_story
from utils.story_functions import pre_process_story, strip_tags
from utils import log as logging
from utils.feed_functions import timelimit, TimeoutError, utf8encode, cache_bust_url
# from utils.feed_functions import mail_feed_error_to_admin
@ -217,7 +217,7 @@ class ProcessFeed:
self.fpf.entries = self.fpf.entries[:100]
if self.fpf.feed.get('title'):
self.feed.feed_title = self.fpf.feed.get('title')
self.feed.feed_title = strip_tags(self.fpf.feed.get('title'))
tagline = self.fpf.feed.get('tagline', self.feed.data.feed_tagline)
if tagline:
self.feed.data.feed_tagline = utf8encode(tagline)