[PATCH] filters: Escape State names when generating selector HTML

Daniel Axtens dja at axtens.net
Fri Jul 5 15:01:57 AEST 2019


Thanks, applied.

Andrew Donnellan <ajd at linux.ibm.com> writes:

> States with names containing special characters are not correctly escaped
> when generating the select list. Use escape() to fix this.
>
> Signed-off-by: Andrew Donnellan <ajd at linux.ibm.com>
> ---
>  patchwork/filters.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/patchwork/filters.py b/patchwork/filters.py
> index e2d2f5958dd4..fb644f982136 100644
> --- a/patchwork/filters.py
> +++ b/patchwork/filters.py
> @@ -262,7 +262,7 @@ class StateFilter(Filter):
>                  selected = ' selected="true"'
>  
>              out += '<option value="%d" %s>%s</option>' % (
> -                state.id, selected, state.name)
> +                state.id, selected, escape(state.name))
>          out += '</select>'
>          return mark_safe(out)
>  
> -- 
> 2.20.1
>
> _______________________________________________
> Patchwork mailing list
> Patchwork at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/patchwork


More information about the Patchwork mailing list