From abc30d7da3b5c67be7ce84d4699f327442d44606 Mon Sep 17 00:00:00 2001 From: Ben Busby Date: Tue, 26 Apr 2022 09:28:05 -0600 Subject: [PATCH] Render error message w/o `safe` filter The error message shown in the error template does not need to be rendered using the safe filter, and furthermore opens up an XSS vulnerability. --- app/templates/error.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/templates/error.html b/app/templates/error.html index 58f7f42..708f749 100644 --- a/app/templates/error.html +++ b/app/templates/error.html @@ -16,7 +16,7 @@

Error

- {{ error_message|safe }} + {{ error_message }}
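Review bot: the diffstat shows only app/templates/error.html changing, so nothing prevents `|safe` from being reintroduced on the `{{ error_message }}` line later. Consider adding a regression test that renders the error template with a message containing markup (for example `<b>x</b>`) and asserts that the output contains the escaped form rather than the raw tag. The replacement line is only safe if autoescaping is enabled for this template, so confirm that the application's template configuration does not turn it off. Callers that deliberately passed HTML in error_message will now have it shown as literal text; check them and, if any remain, have them build the message from trusted markup plus escaped user input instead of restoring the filter.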