
search: fix flash messages security

Authored by Nicolas Harraudeau <nicolas.harraudeau@cern.ch> on Aug 31 2015, 09:58.

Description

search: fix flash messages security

  • SECURITY Fixes potential XSS issues by changing search flash messages template so that they are not displayed as safe HTML by default.
  • NOTE Displaying HTML-safe flash messages can be done by using one of these flash contexts: 'search-results-after(html_safe)', 'websearch-after-search-form(html_safe)' instead of the standard ones (which are the same without '(html_safe)' at the end).

Signed-off-by: Nicolas Harraudeau <nicolas.harraudeau@cern.ch>
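The escaping rule the commit message describes, as an added illustration that is not Invenio's own code: flash messages are rendered as escaped text by default, and emitted as raw HTML only when their flash context carries the '(html_safe)' suffix. The helper names and the sample messages are hypothetical.

```python
# Added illustration, not Invenio's own code. Models the change described in
# the commit message: flash messages are HTML-escaped unless the flash
# context ends in '(html_safe)'. Helper names and sample data are constructed.
from html import escape

HTML_SAFE_SUFFIX = "(html_safe)"


def render_flash_before_fix(context, message):
    """Pre-fix behaviour: every flash message is emitted as safe HTML.

    A message built from user input (for example the search query) is
    reflected unescaped, which is the XSS risk the commit addresses.
    """
    return '<div class="flash %s">%s</div>' % (context, message)


def render_flash(context, message):
    """Post-fix behaviour: escape the message unless the context opts in.

    'search-results-after(html_safe)' and 'search-results-after' share the
    same base context; only the former renders its message verbatim.
    """
    if context.endswith(HTML_SAFE_SUFFIX):
        base = context[: -len(HTML_SAFE_SUFFIX)]
        body = message  # the flashing code asserted this markup is trusted
    else:
        base = context
        body = escape(message, quote=True)
    # The context name goes into an attribute, so it is always escaped.
    return '<div class="flash %s">%s</div>' % (escape(base, quote=True), body)


def render_flashes(flashes):
    """Render a list of (context, message) pairs, as the template would."""
    return "\n".join(render_flash(ctx, msg) for ctx, msg in flashes)


if __name__ == "__main__":
    # Constructed sample: a search term reflected into a flash message,
    # plus a trusted message flashed under the html_safe context.
    query = "<script>alert(1)</script>"
    flashes = [
        ("search-results-after", "No results for: " + query),
        ("websearch-after-search-form(html_safe)", "<b>Tip:</b> use quotes"),
    ]
    print(render_flash_before_fix("search-results-after", query))
    print(render_flashes(flashes))
```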


Event Timeline

Nicolas Harraudeau <nicolas.harraudeau@cern.ch> committed R3600:7f61663da439: search: fix flash messages security (authored by Nicolas Harraudeau <nicolas.harraudeau@cern.ch>). Aug 31 2015, 16:37