[fix] route /autocompleter: escape '<' and '>' in the response

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2021-11-27 08:39:48 +01:00
parent e27b1ac57a
commit 9a3253fc16

View file

@ -916,6 +916,7 @@ def autocompleter():
suggestions = json.dumps([sug_prefix, results]) suggestions = json.dumps([sug_prefix, results])
mimetype = 'application/x-suggestions+json' mimetype = 'application/x-suggestions+json'
suggestions = escape(suggestions, False)
return Response(suggestions, mimetype=mimetype) return Response(suggestions, mimetype=mimetype)