escape html in attributes

j 2025-03-29 07:47:59 +00:00
parent 5d6c4ac6bc
commit c7e08ddc32
2 changed files with 2 additions and 2 deletions


@ -8,7 +8,7 @@
<div class="medium-9 columns">
<img src="{{ object.get_display_url }}" alt="{{ object.title }}">
<p>
{{ object.caption_html }}
{{ object.caption_html|safe }}
{% if object.caption %}<br>{%endif%}
{% if request.user.is_staff %}<a href="{{ photo.image.url }}" class="original-link" target="_blank" >Link to original file</a>{% endif %}
</p>
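Review bot: The `|safe` on `{{ object.caption_html|safe }}` (taking that line as the new side, since the page has lost its +/- markers) turns off autoescaping for HTML generated from a stored caption. The line is therefore only as safe as the sanitising done inside `markdownify`, which this page does not show. If that renderer lets raw HTML or script-bearing links through, the caption is rendered as live markup for every viewer of the photo. Confirm that it applies an allowlist sanitiser and record the dependency next to the filter, e.g. `{# caption_html must be sanitised by markdownify; keep |safe only while that holds #}`. The template continues outside this hunk, so other uses of `caption_html` in it are not visible here.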


@ -594,7 +594,7 @@ class Photo(ImageModel):
def caption_html(self):
caption = self.caption
if caption:
return mark_safe(markdownify(caption))
return markdownify(caption)
return caption
def edit_url(self):
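Review bot: Whether dropping `mark_safe` in `caption_html` changes anything depends on what `markdownify` returns, and its import is outside this hunk. If that helper already returns a safe-marked string, the value stays exempt from autoescaping and the attribute contexts named in the commit title are still not escaped; a test asserting the result is not a `SafeData` instance would settle it. A docstring such as `"""Return the caption rendered from Markdown to HTML; not marked safe, so templates must opt in with |safe."""` would record the new contract. Templates outside this diff that print `caption_html` in body context will now show escaped markup unless they add `|safe` as well.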