#7612: Use escape() rather than strip_tags()

2024-05-10 07:54:54 +00:00 · 2021-11-03 08:56:30 -04:00
parent 318c8b85e9
commit 7614f423e5
2 changed files with 3 additions and 3 deletions
--- a/netbox/extras/models/customfields.py
+++ b/netbox/extras/models/customfields.py
@ -7,7 +7,7 @@ from django.contrib.postgres.fields import ArrayField
 from django.core.validators import RegexValidator, ValidationError
 from django.db import models
 from django.urls import reverse
-from django.utils.html import strip_tags
+from django.utils.html import escape
 from django.utils.safestring import mark_safe

 from extras.choices import *
@ -288,7 +288,7 @@ class CustomField(ChangeLoggedModel):
        field.model = self
        field.label = str(self)
        if self.description:
-            field.help_text = strip_tags(self.description)
+            field.help_text = escape(self.description)

        return field