Bugfix: HTML injection in post editing (introduces and fixes yet another bug)

2013-07-31 21:24:17 -04:00 · 2013-07-31 21:24:17 -04:00 · ea2b8cce07
commit ea2b8cce07
parent a5312ebe89
3 changed files with 9 additions and 6 deletions
--- a/templates/mod/edit_post_form.html
+++ b/templates/mod/edit_post_form.html
@ -32,7 +32,7 @@
 				{% trans %}Comment{% endtrans %}
 			</th>
 			<td>
-				<textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body | e }}{% else %}{{ post.body_nomarkup }}{% endif %}</textarea>
+				<textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body|e }}{% else %}{{ post.body_nomarkup|e }}{% endif %}</textarea>
 			</td>
 		</tr>
 	</table>