diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-01 20:48:34 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-01 20:48:37 -0700 |
commit | 1a371b894a80510241c5804a8fba43a744174716 (patch) | |
tree | 8383c2fffa0f242af5dc7b1b40540d5323d5261c | |
parent | 20d47df8fbe49a011dbfdd4e9762903a48e26e9c (diff) | |
download | fatcat-1a371b894a80510241c5804a8fba43a744174716.tar.gz fatcat-1a371b894a80510241c5804a8fba43a744174716.zip |
allow HTML in flash messages (dangerous)
This change means we need to be careful constructing flash messages (not
allow user input in them).
-rw-r--r-- | python/fatcat_web/templates/base.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/python/fatcat_web/templates/base.html b/python/fatcat_web/templates/base.html index d3353ca4..fcd7ccdf 100644 --- a/python/fatcat_web/templates/base.html +++ b/python/fatcat_web/templates/base.html @@ -84,7 +84,7 @@ <div class="header">Now Hear This...</div> <ul class="list"> {% for message in messages %} - <li>{{ message }} + <li>{{ message|safe }} {% endfor %} </ul> </div> |