# HG changeset patch
# User Atul Varma
# Date 1208392732 25200
# Node ID 3fe6eb21636d2c5b11180ba869a30e3f97114717
# Parent 65c14ecad14c3f6c65f8cae619ad843325d2b119
For security purposes, we now escape any HTML contained in a Persona's description.
diff -r 65c14ecad14c -r 3fe6eb21636d personasbackend/personas/models.py
--- a/personasbackend/personas/models.py Wed Apr 16 17:34:34 2008 -0700
+++ b/personasbackend/personas/models.py Wed Apr 16 17:38:52 2008 -0700
@@ -265,7 +265,7 @@
 )
 description = models.TextField(
- help_text = "HTML is allowed.",
+ help_text = "A short description of the Persona.",
 blank=False,
 )
diff -r 65c14ecad14c -r 3fe6eb21636d personasbackend/personas/templates/personas/list.html
--- a/personasbackend/personas/templates/personas/list.html Wed Apr 16 17:34:34 2008 -0700
+++ b/personasbackend/personas/templates/personas/list.html Wed Apr 16 17:38:52 2008 -0700
@@ -24,7 +24,7 @@
 {% endif %}
-
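Review bot: The new `help_text` in the models.py hunk drops "HTML is allowed." without telling authors that markup is no longer rendered, so the form gives no hint that tags will now appear as literal text. Consider `help_text = "A short description of the Persona. HTML is not rendered and will be shown as plain text.",`. Descriptions saved while HTML was allowed presumably still contain markup and will display escaped after this change, so a one-off cleanup of existing rows may be wanted. The escaping itself is applied only in the list.html hunk, so any other template or feed that outputs `persona.description` (none is visible here) should be checked for a remaining `|safe`. The model class enclosing this field starts and ends outside the hunk.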
{{ persona.description|safe }}
+
{{ persona.description }}
{% comment %} TODO: This doesn't obey DRY; we should figure out a way around this. Ideally, we should be able to do the equivalent of 'if