[fix] query escaped in all htmls, invalid todo removed
This commit is contained in:
Adam Tauber
parent
22a3cf7ac7
commit
ed925cf561
@ -307,7 +307,6 @@ def autocompleter():
|
|||||||
else:
|
else:
|
||||||
request_data = request.args
|
request_data = request.args
|
||||||
|
|
||||||
# TODO fix XSS-vulnerability
|
|
||||||
query = request_data.get('q', '').encode('utf-8')
|
query = request_data.get('q', '').encode('utf-8')
|
||||||
|
|
||||||
if not query:
|
if not query:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user