xuyue/OnlineJudge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update xss filter

Browse Source
This commit is contained in:
virusdefender
2017-12-24 15:34:22 +08:00
parent 03cf356bab
commit a5fea0c653
4 changed files with 29 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
conf/views.py
View File

@@ -13,6 +13,7 @@ from judge.languages import languages, spj_languages
from options.options import SysOptions
from utils.api import APIView, CSRFExemptAPIView, validate_serializer
from utils.shortcuts import send_email
from utils.xss_filter import XSSHtml
from .models import JudgeServer
from .serializers import (CreateEditWebsiteConfigSerializer,
CreateSMTPConfigSerializer, EditSMTPConfigSerializer,
@@ -84,6 +85,9 @@ class WebsiteConfigAPI(APIView):
@super_admin_required
def post(self, request):
for k, v in request.data.items():
if k == "website_footer":
with XSSHtml() as parser:
v = parser.clean(v)
setattr(SysOptions, k, v)
return self.success()