From c7e08ddc32a205c7cda469b70725a912fd994b82 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 29 Mar 2025 07:47:59 +0000
Subject: [PATCH] escape html in attributes
---
 content/templates/photologue/photo_detail.html | 2 +-
 photologue/models.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/templates/photologue/photo_detail.html b/content/templates/photologue/photo_detail.html
index da78604..464cfba 100644
--- a/content/templates/photologue/photo_detail.html
+++ b/content/templates/photologue/photo_detail.html
@@ -8,7 +8,7 @@
{{ object.title }}

- {{ object.caption_html }} + {{ object.caption_html|safe }} {% if object.caption %}
{%endif%} {% if request.user.is_staff %}Link to original file{% endif %}
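Review bot: On the changed line, `{{ object.caption_html|safe }}` switches autoescaping off for the rendered caption, so the page is only as safe as the HTML that `markdownify` produces, and neither hunk shows whether that helper strips raw HTML or script-bearing links from a caption. If captions can be written by anyone other than trusted staff, confirm that `markdownify` sanitises against an allowlist before its output is trusted here. I would record the dependency next to the line, e.g. `{# |safe is acceptable only because markdownify sanitises caption Markdown; see Photo.caption_html #}`. The markup surrounding this hunk is missing from the page, so the element the caption is rendered into cannot be checked from here.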

diff --git a/photologue/models.py b/photologue/models.py
index 13a4194..bb42ef7 100644
--- a/photologue/models.py
+++ b/photologue/models.py
@@ -594,7 +594,7 @@ class Photo(ImageModel):
 def caption_html(self):
 caption = self.caption
 if caption:
- return mark_safe(markdownify(caption))
+ return markdownify(caption)
 return caption
 def edit_url(self):
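Review bot: `caption_html` now returns an ordinary string instead of a marked-safe one, and the method has no docstring telling callers that the trust decision has moved into the templates. I would add `"""Return the caption rendered from Markdown as an unmarked string; templates autoescape it unless they apply |safe, which is only sound if markdownify sanitises its output."""` under the `def` line. Only photo_detail.html is updated in this patch, so any other template that prints `caption_html` as body HTML (none are visible here) will start showing escaped tags and is worth checking. Where the value is placed in an attribute, the escaped text will still contain the rendered `<p>`-style markup, so the plain `caption` may be the better source there. The `Photo` class begins above the hunk and `edit_url` continues below it.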