Rev905, Escape title and query string

2016-02-18 19:44:52 +01:00 · 2016-02-18 19:44:52 +01:00 · 2f25204be9
commit 2f25204be9
parent e389e22832
2 changed files with 3 additions and 3 deletions
--- a/src/Config.py
+++ b/src/Config.py
@ -8,7 +8,7 @@ class Config(object):

    def __init__(self, argv):
        self.version = "0.3.6"
-        self.rev = 903
+        self.rev = 905
        self.argv = argv
        self.action = None
        self.config_file = "zeronet.conf"
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@ -274,10 +274,10 @@ class UiRequest(object):
            file_url=file_url,
            file_inner_path=file_inner_path,
            address=site.address,
-            title=title,
+            title=cgi.escape(title, True),
            body_style=body_style,
            meta_tags=meta_tags,
-            query_string=query_string,
+            query_string=re.escape(query_string),
            wrapper_key=site.settings["wrapper_key"],
            wrapper_nonce=wrapper_nonce,
            postmessage_nonce_security=postmessage_nonce_security,