Closed asteinhauser closed 7 years ago
NB: is this the same issue for https://github.com/wagtail/wagtaildemo/blob/master/demo/templates/demo/search_results.html? There are two |safe filters on here that seem unnecessary to me, but my Django knowledge stops short of knowing for sure.
@thibaudcolas Yes, I think those should be removed too. Whoever did the original templates for wagtaildemo was definitely on a |safe-filter frenzy :-)
Yes, it should be removed as well.
The cost value is a varchar and it is not sanitized before it is inserted into the database. Therefore it can contain arbitrary HTML code including any JavaScript - even something like . At the same time the safe filter does not make any functional sense in here.
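As an added example (not code from the thread or from wagtaildemo), the following Python script does the review the thread is asking for mechanically: it scans a Django template for variable tags whose filter chain ends in `|safe` and for `{% autoescape off %}` blocks, both of which bypass Django's default HTML escaping, and it shows what the autoescaped rendering of an untrusted value would have looked like. The template text is constructed here to resemble a search results page and is not the real `search_results.html`.

```python
import html
import re
from typing import Dict, List, Optional

# A Django variable tag whose filter chain ends in |safe, e.g.
# {{ result.cost|safe }} or {{ result.cost | default:"" | safe }}.
# The captured expression is everything before the final "|safe".
SAFE_TAG_RE = re.compile(r"\{\{\s*(?P<expr>[^}]*?)\s*\|\s*safe\s*\}\}")

# An {% autoescape off %} opener: everything inside the block is emitted unescaped.
AUTOESCAPE_OFF_RE = re.compile(r"\{%\s*autoescape\s+off\s*%\}")


def find_unescaped_output(template_text: str) -> List[Dict[str, Optional[object]]]:
    """Return one finding per construct that disables Django's autoescaping.

    Each finding records the 1-based line number, the kind of construct and,
    for |safe, the variable expression that is being marked safe so a reviewer
    can check whether that value is trusted (generated by the app) or user-supplied.
    """
    findings: List[Dict[str, Optional[object]]] = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for match in SAFE_TAG_RE.finditer(line):
            findings.append(
                {"line": lineno, "kind": "safe_filter", "expr": match.group("expr")}
            )
        if AUTOESCAPE_OFF_RE.search(line):
            findings.append({"line": lineno, "kind": "autoescape_off", "expr": None})
    return findings


def autoescaped(value: str) -> str:
    """What Django's autoescape would emit for a plain {{ value }} tag.

    Django escapes <, >, &, " and ' in the same way as html.escape(quote=True),
    so a value stored as HTML text is rendered as literal text, not markup.
    """
    return html.escape(value, quote=True)


# Constructed sample template modelled on a search results page; not the real file.
CONSTRUCTED_TEMPLATE = """\
<ul class="results">
  {% for result in search_results %}
    <li>
      <h3>{{ result.title }}</h3>
      <p class="cost">{{ result.cost|safe }}</p>
      <p>{{ result.intro | safe }}</p>
    </li>
  {% endfor %}
</ul>
{% autoescape off %}{{ footer_html }}{% endautoescape %}
"""

if __name__ == "__main__":
    for finding in find_unescaped_output(CONSTRUCTED_TEMPLATE):
        print(f"line {finding['line']}: {finding['kind']} {finding['expr'] or ''}")
    # Constructed untrusted value to show the difference escaping makes.
    print(autoescaped("<b>free</b> & <i>open</i>"))
```

Running the script on the sample reports the two `|safe` tags (lines 5 and 6) and the `autoescape off` block (line 10); a `cost` column that holds a plain varchar has no reason to appear in that list, and dropping the filter lets Django's default escaping render whatever is stored as inert text.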