Ensure that List title/description cannot contain markup or code

cc-archive / open-ledger

Prototype code and examples for work on the Creative Commons "CC Search" project

MIT License

48 stars 23 forks source link

Closed lizadaly closed 7 years ago

lizadaly commented 7 years ago

Lists can be made public. Ensure that these fields are using Django's built-in mechanisms for preventing JS or arbitrary HTML from being included.

lizadaly commented 7 years ago

Looks good, it's automatically escaped by Django: