Render error message w/o `safe` filter

The error message shown in the error template does not need to be
rendered using the safe filter, and furthermore opens up an XSS
vulnerability.
main
Ben Busby 2022-04-26 09:28:05 -06:00
parent d62ceb8423
commit abc30d7da3
No known key found for this signature in database
GPG Key ID: B9B7231E01D924A1
1 changed files with 1 additions and 1 deletions

View File

@ -16,7 +16,7 @@
<div>
<h1>Error</h1>
<p>
{{ error_message|safe }}
{{ error_message }}
</p>
<hr>
<p>