Fix XSS js injection
This commit is contained in:
parent
f1a47e7766
commit
971cde093c
@ -25,6 +25,7 @@ Fixed
|
|||||||
if the user dn was not found. This was causing the exception
|
if the user dn was not found. This was causing the exception
|
||||||
``'NoneType' object has no attribute 'getitem'`` describe in #21
|
``'NoneType' object has no attribute 'getitem'`` describe in #21
|
||||||
* Increase the max size of usernames (30 chars to 250)
|
* Increase the max size of usernames (30 chars to 250)
|
||||||
|
* Fix XSS js injection
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@
|
|||||||
class="alert alert-danger"
|
class="alert alert-danger"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endspaceless %}>
|
{% endspaceless %}>
|
||||||
<p>{{message|safe}}</p>
|
<p>{{message}}</p>
|
||||||
</div>
|
</div>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if auto_submit %}</noscript>{% endif %}
|
{% if auto_submit %}</noscript>{% endif %}
|
||||||
|
@ -2,6 +2,6 @@
|
|||||||
{% load staticfiles %}
|
{% load staticfiles %}
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<div class="alert alert-success" role="alert">{{logout_msg|safe}}</div>
|
<div class="alert alert-success" role="alert">{{logout_msg}}</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
@ -23,6 +23,7 @@ from django.views.decorators.csrf import csrf_exempt
|
|||||||
from django.middleware.csrf import CsrfViewMiddleware
|
from django.middleware.csrf import CsrfViewMiddleware
|
||||||
from django.views.generic import View
|
from django.views.generic import View
|
||||||
from django.utils.encoding import python_2_unicode_compatible
|
from django.utils.encoding import python_2_unicode_compatible
|
||||||
|
from django.utils.safestring import mark_safe
|
||||||
|
|
||||||
import re
|
import re
|
||||||
import logging
|
import logging
|
||||||
@ -181,24 +182,24 @@ class LogoutView(View, LogoutMixin):
|
|||||||
else:
|
else:
|
||||||
# build logout message depending of the number of sessions the user logs out
|
# build logout message depending of the number of sessions the user logs out
|
||||||
if session_nb == 1:
|
if session_nb == 1:
|
||||||
logout_msg = _(
|
logout_msg = mark_safe(_(
|
||||||
"<h3>Logout successful</h3>"
|
"<h3>Logout successful</h3>"
|
||||||
"You have successfully logged out from the Central Authentication Service. "
|
"You have successfully logged out from the Central Authentication Service. "
|
||||||
"For security reasons, close your web browser."
|
"For security reasons, close your web browser."
|
||||||
)
|
))
|
||||||
elif session_nb > 1:
|
elif session_nb > 1:
|
||||||
logout_msg = _(
|
logout_msg = mark_safe(_(
|
||||||
"<h3>Logout successful</h3>"
|
"<h3>Logout successful</h3>"
|
||||||
"You have successfully logged out from %s sessions of the Central "
|
"You have successfully logged out from %d sessions of the Central "
|
||||||
"Authentication Service. "
|
"Authentication Service. "
|
||||||
"For security reasons, close your web browser."
|
"For security reasons, close your web browser."
|
||||||
) % session_nb
|
) % session_nb)
|
||||||
else:
|
else:
|
||||||
logout_msg = _(
|
logout_msg = mark_safe(_(
|
||||||
"<h3>Logout successful</h3>"
|
"<h3>Logout successful</h3>"
|
||||||
"You were already logged out from the Central Authentication Service. "
|
"You were already logged out from the Central Authentication Service. "
|
||||||
"For security reasons, close your web browser."
|
"For security reasons, close your web browser."
|
||||||
)
|
))
|
||||||
|
|
||||||
# depending of settings, redirect to the login page with a logout message or display
|
# depending of settings, redirect to the login page with a logout message or display
|
||||||
# the logout page. The default is to display tge logout page.
|
# the logout page. The default is to display tge logout page.
|
||||||
|
Loading…
Reference in New Issue
Block a user