Render error message w/o safe filter

The error message shown in the error template does not need to be rendered using the safe filter, and furthermore opens up an XSS vulnerability.
benbusby · Apr 26, 2022 · abc30d7 · abc30d7
1 parent d62ceb8
commit abc30d7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/templates/error.html b/app/templates/error.html
@@ -16,7 +16,7 @@
 <div>
     <h1>Error</h1>
     <p>
-        {{ error_message|safe }}
+        {{ error_message }}
     </p>
     <hr>
     <p>