Render error message w/o safe filter
The error message shown in the error template does not need to be
rendered using the safe filter, and furthermore opens up an XSS
vulnerability.
benbusby committed Apr 26, 2022
1 parent d62ceb8 commit abc30d7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/templates/error.html
Expand Up @@ -16,7 +16,7 @@
<div>
<h1>Error</h1>
<p>
{{ error_message|safe }}
{{ error_message }}
</p>
<hr>
<p>
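Review bot: at the `{{ error_message }}` line, dropping `|safe` only closes the XSS if autoescaping is active for error.html and no caller hands the template a value already marked as safe markup, and nothing in this change pins either condition. Suggest adding a regression test that renders this template with an `error_message` containing a tag and asserts the output is HTML-escaped, and checking the other templates for remaining `|safe` uses on values that can carry request input.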
