prymitive / bootstrap-breadcrumbs

Django template tags for easy breadcrumbs using Twitter Bootstrap CSS classes or a custom template
django-bootstrap-breadcrumbs.readthedocs.org
MIT License

fix XSS vulnerability #6

Closed xchrdw closed 11 years ago

xchrdw commented 11 years ago

It is possible to inject JavaScript into the output if user input is used as a breadcrumb label (like in the last example). This should be prevented by escaping all input.
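The sink described in the report, shown as an added example that is not code from django-bootstrap-breadcrumbs or from the issue author. The markup is a stand-in for the Bootstrap breadcrumb list the library emits, the function names are invented for illustration, and the crumb list is constructed input; the stdlib `html.escape` stands in for Django's `django.utils.html.escape` / `format_html`. The `safe_href` helper goes one step beyond the issue by also refusing `javascript:` and protocol-relative URLs, which plain escaping does not address.

```python
# Added example (not the project's code): an unescaped breadcrumb label as an
# XSS sink, and the escaped rendering that closes it.
from html import escape  # Django equivalent: django.utils.html.escape / format_html

# Constructed input: the last crumb is attacker-controlled text used as a label.
CONSTRUCTED_CRUMBS = [
    ("Home", "/"),
    ("Search", "/search/?q=a&b"),
    ("<script>alert(1)</script>", None),
]

ALLOWED_SCHEMES = ("http://", "https://")


def render_breadcrumbs_unsafe(crumbs):
    """Vulnerable: labels and URLs are interpolated into the markup verbatim."""
    items = []
    for label, url in crumbs:
        if url is None:
            items.append(f'<li class="active">{label}</li>')
        else:
            items.append(f'<li><a href="{url}">{label}</a></li>')
    return '<ul class="breadcrumb">' + "".join(items) + "</ul>"


def safe_href(url):
    """Escaping stops attribute breakout but not a javascript: scheme, so only
    site-relative paths and http(s) URLs pass; anything else becomes an inert '#'.
    Protocol-relative '//host' is rejected too, since it would leave the site."""
    u = url.strip()
    lowered = u.lower()
    if lowered.startswith(ALLOWED_SCHEMES) or (u.startswith("/") and not u.startswith("//")):
        return escape(u, quote=True)
    return "#"


def render_breadcrumbs_safe(crumbs):
    """Fixed: every dynamic value is HTML-escaped (quotes included) before it
    reaches the markup, and hrefs are additionally scheme-checked."""
    items = []
    for label, url in crumbs:
        safe_label = escape(label, quote=True)
        if url is None:
            items.append(f'<li class="active">{safe_label}</li>')
        else:
            items.append(f'<li><a href="{safe_href(url)}">{safe_label}</a></li>')
    return '<ul class="breadcrumb">' + "".join(items) + "</ul>"


def contains_script_tag(html):
    """Crude check used to show whether the payload survived rendering."""
    return "<script>" in html


if __name__ == "__main__":
    print(render_breadcrumbs_unsafe(CONSTRUCTED_CRUMBS))
    print(render_breadcrumbs_safe(CONSTRUCTED_CRUMBS))
```

In Django the same fix is to avoid `mark_safe`/`|safe` on user-derived labels and let autoescaping or `format_html` do the quoting; escaping labels alone is not enough if a label-derived value ends up in an `href`, which is why the example also vets the URL scheme.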

prymitive commented 11 years ago

Thanks, I've released 0.3.1 with this fix.