Render error message w/o `safe` filter
The error message shown in the error template does not need to be rendered using the safe filter, and furthermore opens up an XSS vulnerability.main
parent
d62ceb8423
commit
abc30d7da3
|
@ -16,7 +16,7 @@
|
|||
<div>
|
||||
<h1>Error</h1>
|
||||
<p>
|
||||
{{ error_message|safe }}
|
||||
{{ error_message }}
|
||||
</p>
|
||||
<hr>
|
||||
<p>
|
||||
|
|
Loading…
Reference in New Issue