nmweb: escape subject in search view

Fix a bug reported by Jakub Wilk [1].

[1]: id:20220822064717.qftn4tr7cs4r2ian@jwilk.net
David Bremner 2022-09-05 08:03:39 -03:00
parent bf8aa34324
commit 48d6b31485


@ -131,7 +131,7 @@ env.globals['mailto_addrs'] = mailto_addrs
def link_msg(msg): def link_msg(msg):
lnk = quote_plus(msg.messageid.encode('utf8')) lnk = quote_plus(msg.messageid.encode('utf8'))
try: try:
subj = msg.header('Subject') subj = html.escape(msg.header('Subject'))
except LookupError: except LookupError:
subj = "" subj = ""
out = '<a href="%s/show/%s">%s</a>' % (prefix, lnk, subj) out = '<a href="%s/show/%s">%s</a>' % (prefix, lnk, subj)
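Review bot: The new `html.escape` call covers only the Subject; `prefix` is still interpolated raw into the `href` on the `out = ...` line, which is safe only if it is trusted deployment configuration, and a comment should say so. Because the anchor is assembled with `%` formatting rather than rendered through the template engine, every mail-derived value handled this way needs the same explicit escaping, and the hunk does not show whether sibling helpers such as `mailto_addrs` already do it. A short comment above the changed line, e.g. `# Subject comes from untrusted mail; escape before embedding in markup`, would keep a later refactor from dropping the call. The hunk does not show an `import html`, so confirm it is present at the top of the file; `link_msg` also continues past the end of the hunk.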