Escaping problems #206

@keysmashes

<meta property="og:description" content="{{lede|trim}}">

i am pretty sure this should be {{lede|trim|e}}, to avoid a problem which can be observed here: https://www.hacksoc.org/news/2014-01-20-bytemark-sponsorship.html

but i strongly suspect there are similar problems lurking elsewhere, since as far as i can tell jinja's autoescape feature is not enabled

we should probably enable autoescape and see what breaks, and/or audit all current uses of jinja interpolation
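An added example, not part of the original issue or the site's code: it renders the quoted `<meta>` line with and without the proposed `|e` filter and with autoescape enabled, then uses Jinja's parser for a rough audit of interpolations. The sample lede and the helper names `render`, `filter_chain` and `unescaped_outputs` are assumptions made for illustration.

```python
from jinja2 import Environment, nodes

# The template line quoted in the issue, and the change it proposes.
ORIGINAL = '<meta property="og:description" content="{{lede|trim}}">'
PROPOSED = '<meta property="og:description" content="{{lede|trim|e}}">'

# Constructed lede: a plain double quote is enough to end the attribute early.
LEDE = ' We are "delighted" to announce a new sponsor '

# Filters that either escape the value or mark a deliberate opt-out.
ESCAPING = {"e", "escape", "forceescape", "safe"}


def render(source, autoescape=False):
    """Render a template string; autoescape=False is Jinja's default."""
    return Environment(autoescape=autoescape).from_string(source).render(lede=LEDE)


def filter_chain(expr):
    """Names of the filters applied to an expression, outermost first."""
    names = []
    while isinstance(expr, nodes.Filter):
        names.append(expr.name)
        expr = expr.node
    return names


def unescaped_outputs(source):
    """Line numbers of {{ ... }} outputs with no escaping filter in their chain.

    Heuristic audit only: it looks at filters on the output expression itself
    and matters only while autoescape is off.
    """
    findings = []
    for output in Environment().parse(source).find_all(nodes.Output):
        for expr in output.nodes:
            if isinstance(expr, nodes.TemplateData):
                continue  # literal template text, not an interpolation
            if not ESCAPING.intersection(filter_chain(expr)):
                findings.append(expr.lineno)
    return findings


if __name__ == "__main__":
    print(render(ORIGINAL))                   # quotes in the lede split the attribute
    print(render(PROPOSED))                   # quotes emitted as character references
    print(render(ORIGINAL, autoescape=True))  # same result without touching the template
    print(unescaped_outputs(ORIGINAL), unescaped_outputs(PROPOSED))
```

Running `unescaped_outputs` over each template file gives a first list of places to review before switching autoescape on.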

Labels: backend (relating to the code which runs on the server and generates the site), bug (unexpected behaviour on client or server side)
