mirror of https://github.com/zulip/zulip.git
HTML-escape messages on output
(imported from commit f199fddf887ffbd22ebac76448accb4c48b64a24)
This commit is contained in:
Keegan McAllister
parent
3fadaae574
commit
2c3d7d6116
|
|
@ -13,6 +13,7 @@ import simplejson
|
||||||
import markdown
|
import markdown
|
||||||
md_engine = markdown.Markdown(
|
md_engine = markdown.Markdown(
|
||||||
extensions = ['fenced_code', 'codehilite', 'nl2br'],
|
extensions = ['fenced_code', 'codehilite', 'nl2br'],
|
||||||
|
safe_mode = 'escape',
|
||||||
output_format = 'xhtml' )
|
output_format = 'xhtml' )
|
||||||
|
|
||||||
def get_display_recipient(recipient):
|
def get_display_recipient(recipient):
|
||||||
|
|
|
||||||
|
|
@ -414,7 +414,7 @@ def send_message_backend(request, user_profile, sender):
|
||||||
|
|
||||||
message = Message()
|
message = Message()
|
||||||
message.sender = UserProfile.objects.get(user=sender)
|
message.sender = UserProfile.objects.get(user=sender)
|
||||||
message.content = strip_html(request.POST['content'])
|
message.content = request.POST['content']
|
||||||
message.recipient = recipient
|
message.recipient = recipient
|
||||||
if message_type_name == 'stream':
|
if message_type_name == 'stream':
|
||||||
message.subject = subject_name
|
message.subject = subject_name
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue