Message ID | 20190705032741.22930-1-ajd@linux.ibm.com |
---|---|
State | Accepted |
Headers | show |
Series | filters: Escape State names when generating selector HTML | expand |
Thanks, applied. Andrew Donnellan <ajd@linux.ibm.com> writes: > States with names containing special characters are not correctly escaped > when generating the select list. Use escape() to fix this. > > Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> > --- > patchwork/filters.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/patchwork/filters.py b/patchwork/filters.py > index e2d2f5958dd4..fb644f982136 100644 > --- a/patchwork/filters.py > +++ b/patchwork/filters.py > @@ -262,7 +262,7 @@ class StateFilter(Filter): > selected = ' selected="true"' > > out += '<option value="%d" %s>%s</option>' % ( > - state.id, selected, state.name) > + state.id, selected, escape(state.name)) > out += '</select>' > return mark_safe(out) > > -- > 2.20.1 > > _______________________________________________ > Patchwork mailing list > Patchwork@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/patchwork
diff --git a/patchwork/filters.py b/patchwork/filters.py index e2d2f5958dd4..fb644f982136 100644 --- a/patchwork/filters.py +++ b/patchwork/filters.py @@ -262,7 +262,7 @@ class StateFilter(Filter): selected = ' selected="true"' out += '<option value="%d" %s>%s</option>' % ( - state.id, selected, state.name) + state.id, selected, escape(state.name)) out += '</select>' return mark_safe(out)
States with names containing special characters are not correctly escaped when generating the select list. Use escape() to fix this. Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> --- patchwork/filters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)