# HG changeset patch # User Peter Sanchez # Date 1718370631 21600 # Fri Jun 14 07:10:31 2024 -0600 # Node ID 33cb8c77262a474869ab94bcb82c5446baf3c228 # Parent 06991a735f290884eec08effb3fa31ed45cc26e5 Removing .format() from format_html diff --git a/README.md b/README.md --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Simple application to allow superusers to "impersonate" other non-superuser accounts. -**Version:** 1.9.3 +**Version:** 1.9.4 **Project Links:** [Issues][issues] - [Mailing List][pinbox] - [Contributing](#contributing) @@ -30,7 +30,7 @@ **NOTE:** -- **Versions 1.9.2 and below** are vulnerable to an XSS scripting +- **Versions 1.9.3 and below** are vulnerable to an XSS scripting vulnerability where an attacker can craft a malicious URL and execute JS if an authorized user clicks/follows the URL. Please upgrade to 1.9.3 or newer. diff --git a/README.rst b/README.rst --- a/README.rst +++ b/README.rst @@ -4,7 +4,7 @@ Simple application to allow superusers to "impersonate" other non-superuser accounts. -**Version:** 1.9.3 +**Version:** 1.9.4 **Project Links:** `Issues `__ @@ -31,7 +31,7 @@ **NOTE:** -- **Versions 1.9.2 and below** are vulnerable to an XSS scripting +- **Versions 1.9.3 and below** are vulnerable to an XSS scripting vulnerability where an attacker can craft a malicious URL and execute JS if an authorized user clicks/follows the URL. Please upgrade to 1.9.3 or newer. diff --git a/impersonate/__init__.py b/impersonate/__init__.py --- a/impersonate/__init__.py +++ b/impersonate/__init__.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -VERSION = (1, 9, 3, 'final', 0) +VERSION = (1, 9, 4, 'final', 0) # taken from django-registration diff --git a/impersonate/helpers.py b/impersonate/helpers.py --- a/impersonate/helpers.py +++ b/impersonate/helpers.py @@ -31,9 +31,9 @@ nextval = request.GET.get(redirect_field_name, None) if nextval: return format_html( - u''.format( - redirect_field_name, nextval, - ) + u'', + redirect_field_name, + nextval, ) return u''
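Review bot: In the `impersonate/helpers.py` hunk, `nextval` is still read straight from `request.GET` and rendered as the redirect value, and nothing visible here checks it as a redirect target. Escaping through `format_html(` closes the markup injection; if the view that consumes this field does not already validate it, a guard such as `if nextval and url_has_allowed_host_and_scheme(nextval, allowed_hosts={request.get_host()}):` would cover the open-redirect side of the same input. The template literal is not legible on this page, so confirm both placeholders sit inside quoted attribute values, because `format_html`'s escaping is only sufficient in that context. The files shown carry no regression test; one that passes a value containing `"` and `<` and asserts the escaped output would pin the fix. The README hunks now say 1.9.3 and below are vulnerable but still end with "Please upgrade to 1.9.3 or newer", which should name 1.9.4; the enclosing function starts and ends outside the hunk.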