
Commit 160b398

committed
Updated UGC fields to enable escaping in MarkupFields.
Thank you to Vinod for reporting.
1 parent 4d5be7a commit 160b398


3 files changed

+5
-5
lines changed

3 files changed

+5
-5
lines changed

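--- a/events/models.py
+++ b/events/models.py
@@ -94,7 +94,7 @@ class Event(ContentManageable):
 title = models.CharField(max_length=200)
 calendar = models.ForeignKey(Calendar, related_name='events')
 
-description = MarkupField(default_markup_type=DEFAULT_MARKUP_TYPE)
+description = MarkupField(default_markup_type=DEFAULT_MARKUP_TYPE, escape_html=True)
 venue = models.ForeignKey(EventLocation, null=True, blank=True, related_name='events')
 
 categories = models.ManyToManyField(EventCategory, related_name='events', blank=True, null=True)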
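Review bot: Adding `escape_html=True` to `Event.description` only changes how the field is rendered on the next save, so rows already stored keep whatever HTML was rendered before this commit. This assumes `MarkupField` is django-markupfield's, which renders in `pre_save` and stores the result in a companion `_description_rendered` column; the import is outside the hunk, so confirm. The commit changes only three `models.py` files, so nothing visible re-renders existing data; a one-off data migration or management command that re-saves each affected row (`Event`, and likewise `Job` and `User` in the other two sections) would close that gap. A comment above the field would also help, e.g. `# escape_html applies at save time; existing rows must be re-saved to be re-rendered`.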

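--- a/jobs/models.py
+++ b/jobs/models.py
@@ -40,7 +40,7 @@ class Job(ContentManageable):
 company = models.ForeignKey('companies.Company', related_name='jobs', blank=True, null=True)
 
 company_name = models.CharField(max_length=100, blank=True, null=True)
-company_description = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE)
+company_description = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE, escape_html=True)
 job_title = models.CharField(blank=True, null=True, max_length=100)
 
 city = models.CharField(max_length=100)
@@ -49,8 +49,8 @@ class Job(ContentManageable):
 location_slug = models.SlugField(max_length=350, editable=False)
 country_slug = models.SlugField(max_length=100, editable=False)
 
-description = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE)
-requirements = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE)
+description = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE, escape_html=True)
+requirements = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE, escape_html=True)
 
 contact = models.CharField(null=True, blank=True, max_length=100)
 email = models.EmailField()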
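Review bot: On `company_description`, `description` and `requirements`, `escape_html=True` escapes raw HTML in the submitted text before the markup renderer runs, but it does not constrain what the renderer itself emits from valid markup, such as link targets. Whether that matters depends on `DEFAULT_MARKUP_TYPE`, which is defined outside these hunks. If the default type can produce links or other attributes from user input, pass the rendered value through an allowlist sanitizer before display rather than relying on this flag alone. The three fields also repeat the same keyword pair; a small shared helper for user-submitted markup fields would make escaping the default instead of something each new field has to remember.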

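--- a/users/models.py
+++ b/users/models.py
@@ -14,7 +14,7 @@
 
 
 class User(AbstractUser):
-bio = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE)
+bio = MarkupField(blank=True, default_markup_type=DEFAULT_MARKUP_TYPE, escape_html=True)
 
 SEARCH_PRIVATE = 0
 SEARCH_PUBLIC = 1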
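Review bot: No regression test accompanies the change to `User.bio` — all three changed files are `models.py` — so nothing stops a later edit from dropping `escape_html=True` again. A test that saves a user whose bio contains a tag and checks the rendered value would pin this, for example `user.bio = '<b>x</b>'; user.save()` followed by `assert '<b>' not in user.bio.rendered` (a sketch, assuming django-markupfield's `.rendered` accessor). The same check applies to the `Event` and `Job` fields changed in this commit. The `User` class body continues past the end of the hunk.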
