mirror of
https://github.com/RYGhub/royalnet.git
synced 2024-11-27 13:34:28 +00:00
do not escape css
parent
046e9c1d61
commit
06ea2df92c
2 changed files with 8 additions and 2 deletions
|
@ -7,7 +7,9 @@
|
|||
{% block posthead %}
|
||||
{% if css %}
|
||||
<style>
|
||||
{% autoescape false %}
|
||||
{{ css.css }}
|
||||
{% endautoescape %}
|
||||
</style>
|
||||
{% endif %}
|
||||
{% endblock %}
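Review bot: With `{% autoescape false %}` around `{{ css.css }}`, the stored value is written into the page verbatim, so the only barrier left is the `"<style" in css` test added to `page_setcss()` in the second file, and that test misses the sequence that matters: a value containing `</style` ends the element and everything after it is parsed as HTML. The test is also case-sensitive and runs only on write, so any rows saved before this commit are presumably rendered unchecked. I would reject the closing tag case-insensitively, e.g. `if "</style" in css.lower(): abort(400)`, or refuse any `<` at all, and add a `{# css.css is rendered raw; page_setcss() must reject "</style" #}` comment above the autoescape block. Whether one user's CSS is ever rendered to another viewer is not visible in these hunks; if it is, this is stored XSS rather than a self-inflicted one.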
|
||||
|
|
|
@ -107,8 +107,12 @@ def page_setcss():
|
|||
if user_id is None:
|
||||
abort(403)
|
||||
return
|
||||
css = request.form.get("css", "")
|
||||
if "<style" in css:
|
||||
abort(400)
|
||||
return
|
||||
if ccss is None:
|
||||
ccss = db.CustomCSS(royal_id=user_id, css=request.form.get("css", ""))
|
||||
ccss = db.CustomCSS(royal_id=user_id, css=css)
|
||||
db_session.add(ccss)
|
||||
else:
|
||||
ccss.css = request.form.get("css", "")
|
||||
|
|