From 87aaf12d2732ba4769963f6cfe0169fbebc07896 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Tue, 23 Apr 2024 18:28:00 +0200
Subject: [PATCH] Protect against Reflected XSS on home page (and other exception-handling pages)
---
 app/templates/error_access_denied.j2 | 2 +-
 app/templates/sco_value_error.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/templates/error_access_denied.j2 b/app/templates/error_access_denied.j2
index c14a2c8a1..46793cea6 100644
--- a/app/templates/error_access_denied.j2
+++ b/app/templates/error_access_denied.j2
@@ -6,7 +6,7 @@
 <h2>Accès non autorisé</h2>
-{{ exc | safe }}
+{{ exc }}
 <p class="footer">
 {% if g.scodoc_dept %}
diff --git a/app/templates/sco_value_error.j2 b/app/templates/sco_value_error.j2
index 027e6aa68..6fa329c7b 100644
--- a/app/templates/sco_value_error.j2
+++ b/app/templates/sco_value_error.j2
@@ -5,7 +5,7 @@
 <h2>Erreur !</h2>
-{{ exc | safe }}
+{{ exc }}
 <div style="margin-top: 16px;">
 {% if g.scodoc_dept %}
-- 
GitLab
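Review bot: Dropping `| safe` from `{{ exc }}` only closes the reflected XSS if autoescaping is actually active for these `.j2` templates, and nothing visible in the patch establishes that. Flask's default autoescape selection keys on extensions such as `.html`, `.htm`, `.xml` and `.xhtml`, so unless the application configures the Jinja environment to escape `.j2` names (or an `{% autoescape true %}` block wraps this markup outside the hunks), the exception text would still be emitted raw. Writing `{{ exc | e }}` in both `error_access_denied.j2` and `sco_value_error.j2` makes the escaping explicit and does not double-escape when autoescape is on. It is also worth checking the raise sites: a message built as `Markup` would still bypass escaping, and any message that deliberately carries HTML will now be shown as literal tags.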