Skip to content

Commit

Permalink
Fixes #10089: linkify template filter should escape object representa…
Browse files Browse the repository at this point in the history 
…tion
  • Loading branch information
@jeremystretch
jeremystretch committed Aug 22, 2022
1 parent 804c064 commit c14a597
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions docs/release-notes/version-3.3.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

* [#10040](https://github.com/netbox-community/netbox/issues/10040) - Fix exception when ordering prefixes by flat representation
* [#10053](https://github.com/netbox-community/netbox/issues/10053) - Custom fields header should not be displayed when editing circuit terminations with no custom fields
* [#10089](https://github.com/netbox-community/netbox/issues/10089) - `linkify` template filter should escape object representation

---

Expand Down
4 changes: 2 additions & 2 deletions netbox/utilities/templatetags/builtins/filters.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
import yaml
from django import template
from django.contrib.contenttypes.models import ContentType
from django.utils.html import strip_tags
from django.utils.html import escape
from django.utils.safestring import mark_safe
from markdown import markdown

Expand Down Expand Up @@ -35,7 +35,7 @@ def linkify(instance, attr=None):
text = getattr(instance, attr) if attr is not None else str(instance)
try:
url = instance.get_absolute_url()
return mark_safe(f'<a href="{url}">{text}</a>')
return mark_safe(f'<a href="{url}">{escape(text)}</a>')
except (AttributeError, TypeError):
return text

Expand Down

0 comments on commit c14a597

Please sign in to comment.