Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

HTML-escape messages on output 

(imported from commit f199fddf887ffbd22ebac76448accb4c48b64a24)
This commit is contained in:
Keegan McAllister 2012-10-11 13:30:33 -04:00
parent 3fadaae574
commit 2c3d7d6116
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
zephyr/models.py
View File

@ -13,6 +13,7 @@ import simplejson
import markdown
md_engine = markdown.Markdown(
extensions = ['fenced_code', 'codehilite', 'nl2br'],
safe_mode = 'escape',
output_format = 'xhtml' )
def get_display_recipient(recipient):

2
zephyr/views.py
View File

@ -414,7 +414,7 @@ def send_message_backend(request, user_profile, sender):
message = Message()
message.sender = UserProfile.objects.get(user=sender)
message.content = strip_html(request.POST['content'])
message.content = request.POST['content']
message.recipient = recipient
if message_type_name == 'stream':
message.subject = subject_name