Render error message w/o `safe` filter

The error message shown in the error template does not need to be rendered using the safe filter, and furthermore opens up an XSS vulnerability.
2 years ago · abc30d7da3
parent d62ceb8423
commit abc30d7da3
1 changed files with 1 additions and 1 deletions
--- a/app/templates/error.html
+++ b/app/templates/error.html
@ -16,7 +16,7 @@
 <div>
    <h1>Error</h1>
    <p>
-        {{ error_message|safe }}
+        {{ error_message }}
    </p>
    <hr>
    <p>