Escape css and guild names in the frontend

2025-07-05 04:35:23 +02:00 · 2018-01-24 05:42:47 +00:00
parent b4e04a27c3
commit eea94477ea
5 changed files with 7 additions and 7 deletions
--- a/webapp/titanembeds/templates/dashboard.html.j2
+++ b/webapp/titanembeds/templates/dashboard.html.j2
@ -19,7 +19,7 @@
        </div>
        <div class="col s7">
          <span class="black-text">
-            <p class="flow-text truncate">{{ server.name }}</p>
+            <p class="flow-text truncate">{{ server.name|e }}</p>
            <br>
            <a class="waves-effect waves-light btn" href="{{url_for('user.administrate_guild', guild_id=server['id'])}}">Modify</a>
          </span>
@ -56,7 +56,7 @@
  {% for css in css_list %}
  <div class="col l4 m6 s12">
    <div class="card-panel indigo lighten-5 z-depth-3 hoverable black-text">
-      <p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name }}</p>
+      <p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name|e }}</p>
      <a class="waves-effect waves-light btn" href="{{ url_for("user.edit_custom_css_get", css_id=css.id) }}">Modify</a>
    </div>
  </div>