Fix XSS js injection
This commit is contained in:
parent
f1a47e7766
commit
971cde093c
@ -25,6 +25,7 @@ Fixed
|
||||
if the user dn was not found. This was causing the exception
|
||||
``'NoneType' object has no attribute 'getitem'`` describe in #21
|
||||
* Increase the max size of usernames (30 chars to 250)
|
||||
* Fix XSS js injection
|
||||
|
||||
|
||||
|
||||
|
@ -58,7 +58,7 @@
|
||||
class="alert alert-danger"
|
||||
{% endif %}
|
||||
{% endspaceless %}>
|
||||
<p>{{message|safe}}</p>
|
||||
<p>{{message}}</p>
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% if auto_submit %}</noscript>{% endif %}
|
||||
|
@ -2,6 +2,6 @@
|
||||
{% load staticfiles %}
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<div class="alert alert-success" role="alert">{{logout_msg|safe}}</div>
|
||||
<div class="alert alert-success" role="alert">{{logout_msg}}</div>
|
||||
{% endblock %}
|
||||
|
||||
|
@ -23,6 +23,7 @@ from django.views.decorators.csrf import csrf_exempt
|
||||
from django.middleware.csrf import CsrfViewMiddleware
|
||||
from django.views.generic import View
|
||||
from django.utils.encoding import python_2_unicode_compatible
|
||||
from django.utils.safestring import mark_safe
|
||||
|
||||
import re
|
||||
import logging
|
||||
@ -181,24 +182,24 @@ class LogoutView(View, LogoutMixin):
|
||||
else:
|
||||
# build logout message depending of the number of sessions the user logs out
|
||||
if session_nb == 1:
|
||||
logout_msg = _(
|
||||
logout_msg = mark_safe(_(
|
||||
"<h3>Logout successful</h3>"
|
||||
"You have successfully logged out from the Central Authentication Service. "
|
||||
"For security reasons, close your web browser."
|
||||
)
|
||||
))
|
||||
elif session_nb > 1:
|
||||
logout_msg = _(
|
||||
logout_msg = mark_safe(_(
|
||||
"<h3>Logout successful</h3>"
|
||||
"You have successfully logged out from %s sessions of the Central "
|
||||
"You have successfully logged out from %d sessions of the Central "
|
||||
"Authentication Service. "
|
||||
"For security reasons, close your web browser."
|
||||
) % session_nb
|
||||
) % session_nb)
|
||||
else:
|
||||
logout_msg = _(
|
||||
logout_msg = mark_safe(_(
|
||||
"<h3>Logout successful</h3>"
|
||||
"You were already logged out from the Central Authentication Service. "
|
||||
"For security reasons, close your web browser."
|
||||
)
|
||||
))
|
||||
|
||||
# depending of settings, redirect to the login page with a logout message or display
|
||||
# the logout page. The default is to display tge logout page.
|
||||
|
Loading…
Reference in New Issue
Block a user