fix(templates): Mark pre-escaped variables as 'safe'

2018-04-16 00:25:29 +02:00 · 2018-04-16 00:25:29 +02:00 · 72f6fa65fd
commit 72f6fa65fd
parent fc0b9d7fa5
2 changed files with 2 additions and 2 deletions
--- a/templates/search.html
+++ b/templates/search.html
@ -34,7 +34,7 @@
            {% for result in results -%}
            <a href="/thread/{{ result.thread_id }}#post-{{ result.post_id }}" class="list-group-item list-group-item-action flex-column align-items-start">
              <div class="d-flex w-100 justify-content-between">
-                <p class="mb-1">{{ result.headline }}</p>
+                <p class="mb-1">{{ result.headline | safe }}</p>
                <small class="float-right text-muted"><i>(Posted in '{{ result.title }}' by {{ result.author }})</i></small>
              </div>
            </a>
--- a/templates/thread.html
+++ b/templates/thread.html
@ -33,7 +33,7 @@
            <strong>{{ post.author_name }}</strong>
          </div>

-          <div class="align-self-stretch">{{ post.body }}</div>
+          <div class="align-self-stretch">{{ post.body | safe }}</div>

          <div class="d-inline-flex flex-column align-items-end ml-auto">
            <a href="/thread/{{ id }}#post-{{ post.id }}" class="ml-auto">