diff options
author | Richard Jones <r1chardj0n3s@gmail.com> | 2017-03-07 16:55:39 +1100 |
---|---|---|
committer | Rob Cresswell <robert.cresswell@outlook.com> | 2017-03-07 12:54:04 +0000 |
commit | ce80bb6fec3cb0262728e7ae8b9d695cf832e5bf (patch) | |
tree | 8b45dc504aad0fce4a4ec355c414aaf50201c0b5 | |
parent | 7a1a8b373935904ce0701f3c3758ec1f56c243ea (diff) | |
download | horizon-9.1.2.tar.gz |
Remove dangerous safestring declarationmitaka-eol9.1.2stable/mitaka
This declaration allows XSS content through the JSON and
is unnecessary for correct rendering of the content anyway.
Change-Id: I82355b37108609ae573237424e528aab86a24efc
Closes-Bug: 1667086
(cherry picked from commit a835dbfbaa2c70329c08d4b8429d49315dc6d651)
-rw-r--r-- | openstack_dashboard/dashboards/identity/mappings/tables.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/openstack_dashboard/dashboards/identity/mappings/tables.py b/openstack_dashboard/dashboards/identity/mappings/tables.py index df6e8f307..9c22285d6 100644 --- a/openstack_dashboard/dashboards/identity/mappings/tables.py +++ b/openstack_dashboard/dashboards/identity/mappings/tables.py @@ -14,7 +14,6 @@ import json -from django.utils import safestring from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ungettext_lazy @@ -75,7 +74,7 @@ def get_rules_as_json(mapping): rules = getattr(mapping, 'rules', None) if rules: rules = json.dumps(rules, indent=4) - return safestring.mark_safe(rules) + return rules class MappingsTable(tables.DataTable): |