From 2c5d204996586b6d31b91f1201426d7795442b08 Mon Sep 17 00:00:00 2001
From: Michael Elkins <melkins@tislabs.com>
Date: Wed, 20 Jul 2016 04:41:01 +0000
Subject: use format_html() to build strings returned by custom template tags
 so that the output is not html escaped

closes #835

svn path=/branches/tk705/; revision=6451
---
 rpki/gui/app/templatetags/app_extras.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'rpki')

diff --git a/rpki/gui/app/templatetags/app_extras.py b/rpki/gui/app/templatetags/app_extras.py
index 2a7e2fbe..c1ab0da5 100644
--- a/rpki/gui/app/templatetags/app_extras.py
+++ b/rpki/gui/app/templatetags/app_extras.py
@@ -1,5 +1,6 @@
 from django import template
 from rpki.gui.app.models import Conf
+from django.utils.html import format_html
 
 register = template.Library()
 
@@ -23,7 +24,7 @@ css = {
 
 @register.simple_tag
 def validity_label(validity):
-    return '<span class="label %s">%s</span>' % (css.get(validity, ''), validity)
+    return format_html('<span class="label {}">{}</span>', css.get(validity, ''), validity)
 
 
 @register.simple_tag
@@ -54,7 +55,7 @@ def alert_count(conf):
         css_class = css.get(severity)
     else:
         css_class = 'badge-default'
-    return u'<span class="badge %s">%d</span>' % (css_class, unread)
+    return format_html('<span class="badge {}">{}</span>', css_class, unread)
 
 
 @register.simple_tag
-- 
cgit v1.2.3