]> git.ipfire.org Git - thirdparty/patchwork.git/commitdiff
projects / thirdparty / patchwork.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a5aad5)
filters: Escape State names when generating selector HTML
authorAndrew Donnellan <ajd@linux.ibm.com>
Fri, 5 Jul 2019 03:27:41 +0000 (13:27 +1000)
committerDaniel Axtens <dja@axtens.net>
Fri, 5 Jul 2019 05:03:11 +0000 (15:03 +1000)
States with names containing special characters are not correctly escaped
when generating the select list. Use escape() to fix this.

Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
(cherry picked from commit b3fa0c402e060622a5ed539a465d2fa98b1d2e13)
Signed-off-by: Daniel Axtens <dja@axtens.net>
patchwork/filters.py patch | blob | blame | history

diff --git a/patchwork/filters.py b/patchwork/filters.py
index 8d0f82f2d9a5772d2d734d3527d5fdff1811fbb5..0699e694574e0ea8c21c04a9d8134cd5ec06e054 100644 (file)
--- a/patchwork/filters.py
+++ b/patchwork/filters.py
@@ -252,7 +252,7 @@ class StateFilter(Filter):
                 selected = ' selected="true"'
 
             out += '<option value="%d" %s>%s</option>' % (
-                state.id, selected, state.name)
+                state.id, selected, escape(state.name))
         out += '</select>'
         return mark_safe(out)
 
Mirror of https://github.com/getpatchwork/patchwork.git