From 511b325b45b6bd7a88bb6df1a4639b80d0121277 Mon Sep 17 00:00:00 2001 From: Richard Jones Date: Tue, 7 Mar 2017 16:55:39 +1100 Subject: [PATCH] Remove dangerous safestring declaration This declaration allows XSS content through the JSON and is unnecessary for correct rendering of the content anyway. Change-Id: I82355b37108609ae573237424e528aab86a24efc Closes-Bug: 1667086 (cherry picked from commit a835dbfbaa2c70329c08d4b8429d49315dc6d651) --- openstack_dashboard/dashboards/identity/mappings/tables.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/openstack_dashboard/dashboards/identity/mappings/tables.py b/openstack_dashboard/dashboards/identity/mappings/tables.py index df6e8f3072..9c22285d65 100644 --- a/openstack_dashboard/dashboards/identity/mappings/tables.py +++ b/openstack_dashboard/dashboards/identity/mappings/tables.py @@ -14,7 +14,6 @@ import json -from django.utils import safestring from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ungettext_lazy @@ -75,7 +74,7 @@ def get_rules_as_json(mapping): rules = getattr(mapping, 'rules', None) if rules: rules = json.dumps(rules, indent=4) - return safestring.mark_safe(rules) + return rules class MappingsTable(tables.DataTable):