From 8eb79e7a97e1b38f1e145fa80e3a60e86c353aea Mon Sep 17 00:00:00 2001 From: guerler Date: Tue, 6 Aug 2024 14:45:56 +0300 Subject: [PATCH] Escape title --- .../common/templates/script_entry_point.mako | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/config/plugins/visualizations/common/templates/script_entry_point.mako b/config/plugins/visualizations/common/templates/script_entry_point.mako index 2837c717ad2f..677be72b02b5 100644 --- a/config/plugins/visualizations/common/templates/script_entry_point.mako +++ b/config/plugins/visualizations/common/templates/script_entry_point.mako @@ -12,12 +12,15 @@ ## Create a container, attach data and import script file <%def name="get_body()"> ## Collect incoming data - <% data_incoming = { - "root": h.url_for("/"), - "visualization_id": visualization_id, - "visualization_name": visualization_name, - "visualization_plugin": visualization_plugin, - "visualization_config": config } + <% + from markupsafe import escape + data_incoming = { + "root": h.url_for("/"), + "visualization_id": visualization_id, + "visualization_name": visualization_name, + "visualization_plugin": visualization_plugin, + "visualization_title": escape(title), + "visualization_config": config } %> ## Create a container with default identifier `app`