[PATCH] filters: Escape State names when generating selector HTML

Andrew Donnellan Thu, 04 Jul 2019 20:29:14 -0700

States with names containing special characters are not correctly escaped
when generating the select list. Use escape() to fix this.


Signed-off-by: Andrew Donnellan <a...@linux.ibm.com>
---
 patchwork/filters.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patchwork/filters.py b/patchwork/filters.py
index e2d2f5958dd4..fb644f982136 100644
--- a/patchwork/filters.py
+++ b/patchwork/filters.py
@@ -262,7 +262,7 @@ class StateFilter(Filter):
                 selected = ' selected="true"'
 
             out += '<option value="%d" %s>%s</option>' % (
-                state.id, selected, state.name)
+                state.id, selected, escape(state.name))
         out += '</select>'
         return mark_safe(out)
 
-- 
2.20.1

_______________________________________________
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork

[PATCH] filters: Escape State names when generating selector HTML

Reply via email to