springload / madewithwagtail

A showcase of sites and apps made with Wagtail CMS, the easy to use, open source Django content management system
http://madewithwagtail.org
MIT License

Stop marking GET params & CMS content as safe, no auto-escaping #46

Closed thibaudcolas closed 7 years ago

thibaudcolas commented 7 years ago

XSS injection vector because of safe filter on user input.

thibaudcolas commented 7 years ago

Noticed this as part of #45.
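
A review aid for the pattern this issue describes, added here as an example and not code from the issue or the madewithwagtail repository: it scans Django template source for variables rendered through the `safe`/`safeseq` filters or inside an `{% autoescape off %}` block. The sample template and the name `find_unescaped_output` are constructed for illustration, and the filter parsing is a heuristic (it does not handle a `|` inside a quoted filter argument).

```python
import re

# Constructed sample template, not taken from the madewithwagtail repository.
SAMPLE_TEMPLATE = """\
<h1>Results for {{ request.GET.q|safe }}</h1>
<p>{{ page.title }}</p>
{% autoescape off %}
  <div>{{ page.body }}</div>
  <div>{{ page.intro|escape }}</div>
{% endautoescape %}
<p>{{ request.GET.tag }}</p>
"""

# Either an autoescape block tag or a {{ variable|filters }} tag.
TOKEN_RE = re.compile(
    r"\{%\s*(?:autoescape\s+(?P<mode>on|off)|(?P<end>endautoescape))\s*%\}"
    r"|\{\{\s*(?P<var>.*?)\s*\}\}"
)
UNSAFE_FILTERS = {"safe", "safeseq"}          # mark output as already-safe HTML
ESCAPING_FILTERS = {"escape", "force_escape"}  # escape even when autoescape is off


def find_unescaped_output(source):
    """Return (line_no, reason, expression) for each variable rendered unescaped."""
    findings = []
    autoescape = []  # stack of on/off states for nested {% autoescape %} blocks
    for match in TOKEN_RE.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        if match.group("mode"):
            autoescape.append(match.group("mode") == "on")
        elif match.group("end"):
            if autoescape:
                autoescape.pop()
        else:
            expr, *filters = [p.strip() for p in match.group("var").split("|")]
            names = {f.split(":", 1)[0] for f in filters}
            if names & UNSAFE_FILTERS:
                findings.append((line_no, "safe filter", expr))
            elif autoescape and not autoescape[-1] and not names & ESCAPING_FILTERS:
                findings.append((line_no, "autoescape off", expr))
    return findings


if __name__ == "__main__":
    for line_no, reason, expr in find_unescaped_output(SAMPLE_TEMPLATE):
        print(f"line {line_no}: {expr} rendered unescaped ({reason})")
```

Each finding still needs a manual check of where the value comes from: a `safe` filter on a trusted constant is harmless, while one on a GET parameter or editor-supplied content is the case this issue reports.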