mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

#7612: Use escape() rather than strip_tags()

Browse Source
This commit is contained in:
jeremystretch
2021-11-03 08:56:30 -04:00
parent 318c8b85e9
commit 7614f423e5
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
netbox/extras/models/customfields.py
View File

@ -7,7 +7,7 @@ from django.contrib.postgres.fields import ArrayField
from django.core.validators import RegexValidator, ValidationError from django.core.validators import RegexValidator, ValidationError
from django.db import models from django.db import models
from django.urls import reverse from django.urls import reverse
from django.utils.html import strip_tags from django.utils.html import escape
from django.utils.safestring import mark_safe from django.utils.safestring import mark_safe
from extras.choices import * from extras.choices import *
@ -288,7 +288,7 @@ class CustomField(ChangeLoggedModel):
field.model = self field.model = self
field.label = str(self) field.label = str(self)
if self.description: if self.description:
field.help_text = strip_tags(self.description) field.help_text = escape(self.description)
return field return field

2
netbox/templates/inc/custom_fields_panel.html
View File

@ -8,7 +8,7 @@
<table class="table table-hover attr-table"> <table class="table table-hover attr-table">
{% for field, value in custom_fields.items %} {% for field, value in custom_fields.items %}
<tr> <tr>
<td><span title="{{ field.description|striptags }}">{{ field }}</span></td> <td><span title="{{ field.description|escape }}">{{ field }}</span></td>
<td> <td>
{% if field.type == 'boolean' and value == True %} {% if field.type == 'boolean' and value == True %}
<i class="mdi mdi-check-bold text-success" title="True"></i> <i class="mdi mdi-check-bold text-success" title="True"></i>