1. Bertrand Bordage
  2. django-registration

Commits

ubernostrum  committed cca531d

Remove low-risk XSS vector in username validation

  • Parent commits fd76a92
  • Branches default

Files changed (1)

File forms.py

                 user = User.objects.get(username__exact=self.clean_data['username'])
             except User.DoesNotExist:
                 return self.clean_data['username']
-            raise forms.ValidationError(u'The username "%s" is already taken. Please choose another.' % self.clean_data['username'])
+            raise forms.ValidationError(u'This username is already taken. Please choose another.')
     
     def clean_password2(self):
         """
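Review bot: dropping the interpolated `self.clean_data['username']` from the `ValidationError` text on the `+` line fixes only this call site, and nothing in the hunk records why the value must stay out of the message. Add a short comment above the `raise` stating that validation messages must not embed raw field input, since they may be rendered without escaping, and check the other `ValidationError` messages in forms.py for the same `% self.clean_data[...]` pattern. As a style point, the `raise` is reached only because the `except User.DoesNotExist:` branch returns; moving it into an `else:` clause of the `try` would make that control flow explicit.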