[PATCH] filters: Escape State names when generating selector HTML
Daniel Axtens
dja at axtens.net
Fri Jul 5 15:01:57 AEST 2019
Thanks, applied.
Andrew Donnellan <ajd at linux.ibm.com> writes:
> States with names containing special characters are not correctly escaped
> when generating the select list. Use escape() to fix this.
>
> Signed-off-by: Andrew Donnellan <ajd at linux.ibm.com>
> ---
> patchwork/filters.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/patchwork/filters.py b/patchwork/filters.py
> index e2d2f5958dd4..fb644f982136 100644
> --- a/patchwork/filters.py
> +++ b/patchwork/filters.py
> @@ -262,7 +262,7 @@ class StateFilter(Filter):
> selected = ' selected="true"'
>
> out += '<option value="%d" %s>%s</option>' % (
> - state.id, selected, state.name)
> + state.id, selected, escape(state.name))
> out += '</select>'
> return mark_safe(out)
>
> --
> 2.20.1
>
> _______________________________________________
> Patchwork mailing list
> Patchwork at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/patchwork
More information about the Patchwork
mailing list