first round of input sanitization

2012-02-21 21:56:06 +05:30 · 2012-02-21 21:56:06 +05:30 · 67bc4475e9
commit 67bc4475e9
parent b62b58a967
7 changed files with 44 additions and 28 deletions
--- a/pandora/itemlist/views.py
+++ b/pandora/itemlist/views.py
@ -3,6 +3,8 @@
 from __future__ import division
 import os

+import ox
+
 from django.db.models import Max, Sum
 from django.db import transaction
 from django.http import HttpResponseForbidden, Http404
@ -238,7 +240,7 @@ def addList(request):
            value = list.status
        list.status = value
    if 'description' in data:
-        list.description = data['description']
+        list.description = ox.parse_html(data['description'])
    if 'view' in data:
        list.view = data['view']
    if 'sort' in data:
@ -356,7 +358,7 @@ def editList(request):
                    name = data['name'] + ' (%d)' % num
                list.name = name
            elif key == 'description':
-                list.description = data['description']
+                list.description = ox.parse_html(data['description'])

        if 'position' in data:
            pos, created = models.Position.objects.get_or_create(list=list, user=request.user)