Render error message w/o safe filter

The error message shown in the error template does not need to be rendered using the safe filter, and furthermore opens up an XSS vulnerability.
2024-11-14 18:12:45 +00:00 · 2022-04-26 09:28:05 -06:00 · 2022-04-26 09:28:05 -06:00 · abc30d7da3
commit abc30d7da3
parent d62ceb8423
1 changed files with 1 additions and 1 deletions
--- a/app/templates/error.html
+++ b/app/templates/error.html
@ -16,7 +16,7 @@
 <div>
    <h1>Error</h1>
    <p>
-        {{ error_message|safe }}
+        {{ error_message }}
    </p>
    <hr>
    <p>