Changed enrich filter

2019-10-14 14:30:22 +02:00 · 2019-10-14 14:30:22 +02:00 · 5e7c6097d4
commit 5e7c6097d4
parent a646c96b86
3 changed files with 39 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,7 @@

 * Removed `type` and `info` fields from `Message` table and merged `privacy` field, previously into a separate table, into that table. In order to make the app work, when upgrading you should run the `migrate_0_4_to_0_5.py` script. 
 * Added flask-login dependency. Now, user logins can be persistent up to 365 days. 
+* Rewritten `enrich` filter, correcting a serious security flaw. The new filter uses a tokenizer and escapes all non-markup text. Plus, now the `+` of the mention is visible, but weakened; newlines are now visible in the message. 

 ## 0.4.0