Commit
Merge pull request #694 from 418sec/1-pip-cabot
Security Fix for Stored Cross-site Scripting (XSS) - huntr.dev
dbuxton authored Jan 5, 2021
2 parents b18b1a0 + b788986 commit eb0b354
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions cabot/cabotapp/models/base.py
@@ -9,6 +9,7 @@

from celery.exceptions import SoftTimeLimitExceeded
from celery.utils.log import get_task_logger
from django.core.validators import URLValidator
from django.conf import settings
from django.contrib.auth.models import User
from django.db import models
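Review bot: The new `from django.core.validators import URLValidator` import sits above `from django.conf import settings`, which breaks the alphabetical order the neighbouring Django imports follow (`django.conf`, `django.contrib`, `django.db`). Move it between the `django.contrib.auth.models` and `django.db` lines.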
@@ -472,6 +473,7 @@ class StatusCheck(PolymorphicModel):
endpoint = models.TextField(
null=True,
help_text='HTTP(S) endpoint to poll.',
validators = [URLValidator()],
)
username = models.TextField(
blank=True,
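Review bot: `URLValidator()` on `endpoint` is constructed with Django's default scheme list, which also allows `ftp` and `ftps`, while the help text describes an HTTP(S) endpoint; pass `schemes=['http', 'https']` so the validator matches the field's stated purpose. Model field validators run during `full_clean()` and ModelForm validation, not on a bare `save()`, so values already stored and any code path that saves without cleaning are not checked by this line, and the output escaping in the template remains the control that matters for the stored XSS. Two smaller points: keyword arguments conventionally take no spaces around `=` (`validators=[URLValidator()],`), and since the commit changes only the model and the template, it is worth running `makemigrations` to see whether the altered field definition produces a migration that should ship with it.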
2 changes: 1 addition & 1 deletion cabot/templates/cabotapp/statuscheck_detail.html
@@ -78,7 +78,7 @@ <h3 class="pull-left">Check results</h3>
</td>
<td>{{ result.time_complete }}</td>
<td>{{ result.took }}</td>
<td>{% autoescape off %}{{ result.error|default:"" }}{% endautoescape %}</td>
<td>{{ result.error|default:"" }}</td>
</tr>
{% endfor %}
</tbody>
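Review bot: No regression test accompanies the removal of `{% autoescape off %}` around `{{ result.error|default:"" }}` in the results table, and the commit touches only two files. Add a view test that stores a check result whose `error` contains markup (for example `<b>x</b>`) and asserts that the rendered detail page contains the escaped form, so the block cannot be reintroduced unnoticed. Any error text that relied on being rendered as raw HTML will now appear as literal markup; if formatting is wanted there, build it in the template around the escaped value rather than disabling escaping. It is also worth searching the other templates for `autoescape off` or `|safe` applied to `result.error` or similar check output, since this hunk fixes only the one cell.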