This should fix a security problem reported by Kousuke Ebihara. Thanks

git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1234 0cfe37f9-358a-4d5e-be75-b63607b5c754

diff --git a/forum/utils/html.py b/forum/utils/html.py
index 441f1f2484f1da677d34421f1b2b52e413a002d6..256a2d8ce2b2e67857523cd94c93d66c059d92a9 100644 (file)
--- a/forum/utils/html.py
+++ b/forum/utils/html.py
@@ -1,6 +1,7 @@
 """Utilities for working with HTML."""
 #import html5lib
 from html5lib import sanitizer, serializer, tokenizer, treebuilders, treewalkers, HTMLParser
+from urllib import quote_plus
 from django.utils.html import strip_tags
 from forum.utils.html2text import HTML2Text
 from django.utils.safestring import mark_safe
@@ -50,7 +51,7 @@ def sanitize_html(html):
     return u''.join(output_generator)
 
 def cleanup_urls(url):
-    return strip_tags(url)
+    return quote_plus(strip_tags(url))
 
 
 def html2text(s, ignore_tags=(), indent_width=4, page_width=80):