escaping on all fields

2017-04-17 22:30:14 +02:00 · 2017-04-17 22:30:14 +02:00 · 77e8dfc02a
commit 77e8dfc02a
parent f69f306430
1 changed files with 3 additions and 3 deletions
--- a/templates/mod/edit_post_form.html
+++ b/templates/mod/edit_post_form.html
@ -7,7 +7,7 @@
 				{% trans %}Name{% endtrans %}
 			</th>
 			<td>
-				<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name }}">
+				<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name|e }}">
 			</td>
 		</tr>
 		<tr>
@ -15,7 +15,7 @@
 				{% trans %}Email{% endtrans %}
 			</th>
 			<td>
-				<input type="text" name="email" size="25" maxlength="40" autocomplete="off" value="{{ post.email }}">
+				<input type="text" name="email" size="25" maxlength="40" autocomplete="off" value="{{ post.email|e }}">
 			</td>
 		</tr>
 		<tr>
@ -32,7 +32,7 @@
 				{% trans %}Comment{% endtrans %}
 			</th>
 			<td>
-				<textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body }}{% else %}{{ post.body_nomarkup }}{% endif %}</textarea>
+				<textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body|e }}{% else %}{{ post.body_nomarkup|e }}{% endif %}</textarea>
 			</td>
 		</tr>
 	</table>