diff options
| author | Vipul <finn02@disroot.org> | 2019-12-22 01:21:22 +0000 |
|---|---|---|
| committer | Vipul <finn02@disroot.org> | 2019-12-24 15:11:48 +0530 |
| commit | 8bea927bb02e02754834d6f9692942f621bd21c5 (patch) | |
| tree | 30cc34e7c9aae19509f042709426b42b9c3c08c5 | |
| parent | 3e14bf4d2786ce5f2a61684cf16744700e670e60 (diff) | |
| download | searxng-8bea927bb02e02754834d6f9692942f621bd21c5.tar.gz searxng-8bea927bb02e02754834d6f9692942f621bd21c5.zip | |
[Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.
This change addresses the issue by using "safe" filter feature provided by
Django. See,
- https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
- Searx issue tracker (issue #1649), for more information.
Resolves: #1649
| -rw-r--r-- | searx/templates/oscar/infobox.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/searx/templates/oscar/infobox.html b/searx/templates/oscar/infobox.html index 9f5e58d2b..9802f11e2 100644 --- a/searx/templates/oscar/infobox.html +++ b/searx/templates/oscar/infobox.html @@ -6,7 +6,7 @@ <div class="panel-body"> {% if infobox.img_src %}<img class="img-responsive center-block infobox_part" src="{{ image_proxify(infobox.img_src) }}" alt="{{ infobox.infobox }}" />{% endif %} - {% if infobox.content %}<bdi><p class="infobox_part">{{ infobox.content }}</p></bdi>{% endif %} + {% if infobox.content %}<bdi><p class="infobox_part">{{ infobox.content | safe }}</p></bdi>{% endif %} {% if infobox.attributes -%} <table class="table table-striped infobox_part"> |