CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

PDF renderer: Properly escape HTML answer fields (#1473)

Browse Source
This commit is contained in:
Felix Schäfer
2019-10-29 17:58:10 +01:00
committed by Raphael Michel
parent 9ed49fb379
commit f473439f77
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/base/pdf.py
View File

@@ -288,7 +288,7 @@ def variables_from_questions(sender, *args, **kwargs):
if not a: if not a:
return "" return ""
else: else:
return str(a).replace("\n", "<br/>\n") return escape(str(a)).replace("\n", "<br/>\n")
d = {} d = {}
for q in sender.questions.all(): for q in sender.questions.all():