Autoescaping doesn't happen automatically because Google App Engine imports Django 0.96 templates by default.
The fix uses Django 1.2 (with autoescaping).
This pull request should be merged immediately because this bug can be used to inject malicious JS or HTML code. The current deployment contains several XSS vulnerabilities, both persistent and non-persistent. [http://en.wikipedia.org/wiki/Cross-site_scripting]
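
The difference the description above refers to, as an added example that is not part of the pull request or the project's code: a toy `{{ var }}` renderer (a stand-in, not Django itself) with autoescaping off, as in the 0.96 default, and on, as in 1.2, plus a check that reports which template variables reach the page unescaped. The template, the probe value and all function names are constructed for illustration; `|safe` is Django's opt-out filter and stays unescaped even with autoescaping on, so it still needs review after the upgrade.

```python
import re

# Stand-in for the five-character HTML escaping that autoescaping applies.
def html_escape(value):
    return (str(value).replace("&", "&amp;").replace("<", "&lt;")
            .replace(">", "&gt;").replace('"', "&quot;").replace("'", "&#39;"))

# Matches {{ name }} and {{ name|safe }} only (hypothetical minimal syntax).
VAR = re.compile(r"\{\{\s*(\w+)(\|safe)?\s*\}\}")

def render(template, context, autoescape):
    """Toy renderer: autoescape=False mimics the 0.96 default, True mimics 1.2."""
    def substitute(match):
        value = str(context.get(match.group(1), ""))
        marked_safe = match.group(2) is not None
        if autoescape and not marked_safe:
            return html_escape(value)
        return value  # emitted verbatim into the HTML
    return VAR.sub(substitute, template)

# Constructed, inert probe made only of HTML-significant characters.
PROBE = "<b>\"'&"

def unescaped_variables(template, autoescape):
    """Return the names of variables whose value reaches the output unescaped."""
    leaks = []
    for name in sorted({m.group(1) for m in VAR.finditer(template)}):
        out = render(template, {name: PROBE}, autoescape)
        if PROBE in out:
            leaks.append(name)
    return leaks

# Constructed sample template, not taken from the project.
TEMPLATE = "<h1>{{ title }}</h1><p>{{ comment }}</p><div>{{ banner|safe }}</div>"

if __name__ == "__main__":
    print("autoescape off:", unescaped_variables(TEMPLATE, autoescape=False))
    print("autoescape on: ", unescaped_variables(TEMPLATE, autoescape=True))
```
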