From 95679599de538a4833dd873f0630e5819b60db10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20P=C3=A9rez-Cerezo?= <gabriel@gpcf.eu>
Date: Fri, 6 Jul 2018 23:21:49 +0200
Subject: prevent html injection

---
 templates/buglist.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'templates/buglist.html')

diff --git a/templates/buglist.html b/templates/buglist.html
index 3e69108..142dc69 100644
--- a/templates/buglist.html
+++ b/templates/buglist.html
@@ -29,12 +29,12 @@
       <td>
 	{{ i.id }}
       <td>
-	<a href="/{{ prname }}/{{ i.id }}.html"> {{ i.subject }}</a>
+	<a href="/{{ prname }}/{{ i.id }}.html"> {{ i.subject|e }}</a>
       <td>
 	{{ i.replies }}
-      <td title="{{ i.created }}">
+      <td title="{{ i.created|e }}">
 	{{ i.nicecreated }}
-      <td title="{{ i.last_reply }}">
+      <td title="{{ i.last_reply|e }}">
 	{{ i.nicereply }}
       <td>
 	{% if i.closed %}
-- 
cgit v1.2.3