escape html in attributes

2025-03-29 07:47:59 +00:00 · 2025-03-29 07:47:59 +00:00 · c7e08ddc32
commit c7e08ddc32
parent 5d6c4ac6bc
2 changed files with 2 additions and 2 deletions
--- a/content/templates/photologue/photo_detail.html
+++ b/content/templates/photologue/photo_detail.html
@ -8,7 +8,7 @@
    <div class="medium-9 columns">
        <img src="{{ object.get_display_url }}" alt="{{ object.title }}">
        <p>
-            {{ object.caption_html }}
+            {{ object.caption_html|safe }}
            {% if object.caption %}<br>{%endif%}
            {% if request.user.is_staff %}<a href="{{ photo.image.url }}" class="original-link" target="_blank" >Link to original file</a>{% endif %}
        </p>
--- a/photologue/models.py
+++ b/photologue/models.py
@ -594,7 +594,7 @@ class Photo(ImageModel):
    def caption_html(self):
        caption = self.caption
        if caption:
-            return mark_safe(markdownify(caption))
+            return markdownify(caption)
        return caption

    def edit_url(self):