Rev905, Escape title and query string

This commit is contained in:
HelloZeroNet 2016-02-18 19:44:52 +01:00
parent e389e22832
commit 2f25204be9
2 changed files with 3 additions and 3 deletions

View file

@ -8,7 +8,7 @@ class Config(object):
def __init__(self, argv):
self.version = "0.3.6"
self.rev = 903
self.rev = 905
self.argv = argv
self.action = None
self.config_file = "zeronet.conf"

View file

@ -274,10 +274,10 @@ class UiRequest(object):
file_url=file_url,
file_inner_path=file_inner_path,
address=site.address,
title=title,
title=cgi.escape(title, True),
body_style=body_style,
meta_tags=meta_tags,
query_string=query_string,
query_string=re.escape(query_string),
wrapper_key=site.settings["wrapper_key"],
wrapper_nonce=wrapper_nonce,
postmessage_nonce_security=postmessage_nonce_security,