Fixes OSQA 455. Multiple cross site scripting(XSS) vulnerabilities.

[osqa.git] / forum / utils / html.py

diff --git a/forum/utils/html.py b/forum/utils/html.py
index 86a4ef9119cf417f876d1ceb25c7c04460640ba7..cab52a4252ecd666dc5c9e06958a5f0300cde9bc 100644 (file)
--- a/forum/utils/html.py
+++ b/forum/utils/html.py
@@ -1,6 +1,7 @@
 """Utilities for working with HTML."""
 import html5lib
 from html5lib import sanitizer, serializer, tokenizer, treebuilders, treewalkers
+from django.utils.html import strip_tags
 from forum.utils.html2text import HTML2Text
 from django.template import mark_safe
 from forum import settings
@@ -48,6 +49,9 @@ def sanitize_html(html):
     output_generator = s.serialize(stream)
     return u''.join(output_generator)
 
+def cleanup_urls(url):
+    return strip_tags(url)
+
 
 def html2text(s, ignore_tags=(), indent_width=4, page_width=80):
     ignore_tags = [t.lower() for t in ignore_tags]