changeset 831:25931797db20

server (blog/themes): sanitize tags + display tags URLs
author souliane <souliane@mailoo.org>
date Sat, 09 Jan 2016 13:00:31 +0100
parents a825700c01e4
children ded96b54ee02
files src/server/blog.py themes/default/static_blog.html
diffstat 2 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/server/blog.py	Sat Jan 09 12:14:39 2016 +0100
+++ b/src/server/blog.py	Sat Jan 09 13:00:31 2016 +0100
@@ -591,7 +591,7 @@
             if query_data:
                 self.url += '?{}'.format(urllib.urlencode(query_data))
             self.title = self.getText(entry, 'title')
-            self.tags = list(common.dict2iter('tag', entry))
+            self.tags = [sanitizeHtml(tag) for tag in common.dict2iter('tag', entry)]
 
             count_text = lambda count: D_('comments') if count > 1 else D_('comment')
 
--- a/themes/default/static_blog.html	Sat Jan 09 12:14:39 2016 +0100
+++ b/themes/default/static_blog.html	Sat Jan 09 13:00:31 2016 +0100
@@ -45,7 +45,7 @@
             {% if entry.tags %}
                 <ul class="mblog_tags">
                 {% for tag in entry.tags %}
-                    <li><a>{{tag}}</a></li>
+                    <li><a href="{{base_url}}?tag={{tag}}">{{tag}}</a></li>
                 {% endfor %}
                 </ul>
             {% endif %}