@@ -9,4 +9,6 @@ register = template.Library()
@register.filter
def as_json(value):
- return mark_safe(json.dumps(value))
+ json_dump = json.dumps(value)
+ # fixes XSS as described in #651
+ return mark_safe(json_dump.replace('<', r'\u003C'))
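Review bot: The replacement on the last line escapes only `<`, so the output is safe against a `</script>` breakout but still contains raw `>` and `&`; Django's own `json_script` escapes all three (`\u003C`, `\u003E`, `\u0026`) and the same table would close the remaining cases (e.g. a `-->` or `&` sequence interpreted by an HTML parser around the script), so I would write `for ch, esc in (('<', r'\u003C'), ('>', r'\u003E'), ('&', r'\u0026')): json_dump = json_dump.replace(ch, esc)`. Because `mark_safe` disables autoescaping, the result is only safe inside a `<script>` element body: a template that puts it in an attribute (`data-x="{{ v|as_json }}"`) is still exploitable through a `"` in any string value, since neither `json.dumps` nor this filter escapes quotes for HTML, and that caveat belongs in the function's docstring. Doing the replacement on the serialized text is correct here because `<` can only occur inside JSON string literals, so the escape cannot alter structure; `json.dumps` keeps `ensure_ascii=True`, so U+2028/U+2029 already come out as `\u2028`/`\u2029` and need no extra handling. The function is complete within the hunk; the comment on line 6 could name the actual risk rather than only the issue number, e.g. `# escape <, > and & so the JSON cannot terminate a <script> block or be parsed as markup (#651)`.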