diff options
| author | Vipul <finn02@disroot.org> | 2019-12-22 01:21:22 +0000 |
|---|---|---|
| committer | Vipul <finn02@disroot.org> | 2019-12-22 02:27:45 +0000 |
| commit | 6a5aae65308b3808e4ebc0602c7f90b1a5cb888b (patch) | |
| tree | 47d92ef6fa90afaa754f92fd62fb80e670ae8621 /searx | |
| parent | 36ca2dcc56651688cd7ca8b8d925a9370bdc1dec (diff) | |
[Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.
This change addresses the issue by using "safe" filter feature provided by
Django. See,
- https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
- Searx issue tracker (issue #1649), for more information.
Resolves: #1649
Diffstat (limited to 'searx')
| -rw-r--r-- | searx/templates/oscar/infobox.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/searx/templates/oscar/infobox.html b/searx/templates/oscar/infobox.html index 9f5e58d2b..9802f11e2 100644 --- a/searx/templates/oscar/infobox.html +++ b/searx/templates/oscar/infobox.html @@ -6,7 +6,7 @@ <div class="panel-body"> {% if infobox.img_src %}<img class="img-responsive center-block infobox_part" src="{{ image_proxify(infobox.img_src) }}" alt="{{ infobox.infobox }}" />{% endif %} - {% if infobox.content %}<bdi><p class="infobox_part">{{ infobox.content }}</p></bdi>{% endif %} + {% if infobox.content %}<bdi><p class="infobox_part">{{ infobox.content | safe }}</p></bdi>{% endif %} {% if infobox.attributes -%} <table class="table table-striped infobox_part"> |