From 48d6b31485dfd3110b82fd8829063297284c78c0 Mon Sep 17 00:00:00 2001 From: David Bremner Date: Mon, 5 Sep 2022 08:03:39 -0300 Subject: [PATCH] nmweb: escape subject in search view Fix a bug reported by Jakub Wilk [1]. [1]: id:20220822064717.qftn4tr7cs4r2ian@jwilk.net --- devel/notmuch-web/nmweb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devel/notmuch-web/nmweb.py b/devel/notmuch-web/nmweb.py index 928e4863..7b555c62 100755 --- a/devel/notmuch-web/nmweb.py +++ b/devel/notmuch-web/nmweb.py @@ -131,7 +131,7 @@ env.globals['mailto_addrs'] = mailto_addrs def link_msg(msg): lnk = quote_plus(msg.messageid.encode('utf8')) try: - subj = msg.header('Subject') + subj = html.escape(msg.header('Subject')) except LookupError: subj = "" out = '%s' % (prefix, lnk, subj)