Merge pull request #557 from return42/fix-autocomplete

[fix] route /autocompleter: escape `<` and `>` in the simple theme
This commit is contained in:
Alexandre Flament 2021-11-29 16:58:15 +01:00 committed by GitHub
commit 3700094f3a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -916,6 +916,7 @@ def autocompleter():
suggestions = json.dumps([sug_prefix, results]) suggestions = json.dumps([sug_prefix, results])
mimetype = 'application/x-suggestions+json' mimetype = 'application/x-suggestions+json'
if get_current_theme_name() == 'simple':
suggestions = escape(suggestions, False) suggestions = escape(suggestions, False)
return Response(suggestions, mimetype=mimetype) return Response(suggestions, mimetype=mimetype)