]> git.cworth.org Git - notmuch/commitdiff
projects / notmuch / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bf8aa34)
nmweb: escape subject in search view
authorDavid Bremner <david@tethera.net>
Mon, 5 Sep 2022 11:03:39 +0000 (08:03 -0300)
committerDavid Bremner <david@tethera.net>
Fri, 23 Sep 2022 23:19:56 +0000 (20:19 -0300)
Fix a bug reported by Jakub Wilk [1].

[1]: id:20220822064717.qftn4tr7cs4r2ian@jwilk.net

devel/notmuch-web/nmweb.py patch | blob | history

diff --git a/devel/notmuch-web/nmweb.py b/devel/notmuch-web/nmweb.py
index 928e486320f6880c9b41c42b108b67e5874b0135..7b555c62b6eeadd3deadaa2cec5584fa4edf535f 100755 (executable)
--- a/devel/notmuch-web/nmweb.py
+++ b/devel/notmuch-web/nmweb.py
@@ -131,7 +131,7 @@ env.globals['mailto_addrs'] = mailto_addrs
 def link_msg(msg):
   lnk = quote_plus(msg.messageid.encode('utf8'))
   try:
-    subj = msg.header('Subject')
+    subj = html.escape(msg.header('Subject'))
   except LookupError:
     subj = ""
   out = '<a href="%s/show/%s">%s</a>' % (prefix, lnk, subj)
Notmuch source code