pythondotorg
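Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed. mark_safe() exempts the string it receives from Django's HTML auto-escaping, so every value interpolated into that string before the call is rendered as-is.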
module = sponsors/forms.py
# Excerpt flagged by the scanner: builds the form field for one required asset
# and decorates its label with a status suffix.
# NOTE(review): indentation is missing and each f-string literal is split
# across two lines in this listing -- presumably inline markup was lost when
# the page was extracted; confirm against sponsors/forms.py.
field = required_asset.as_form_field(required=required, initial=value)
# Asset has a due date and no value has been supplied yet: append the due date.
# The f-string is fully formatted before mark_safe() receives it, so
# field.label and required_asset.due_date reach the output unescaped.
# NOTE(review): whether either value can carry user- or admin-entered text is
# not visible here -- trace both to their source. If so, let
# django.utils.html.format_html() escape them as arguments instead of
# interpolating them and calling mark_safe() on the result.
if required_asset.due_date and not bool(value):
field.label = mark_safe(f"{field.label}
(Required by {required_asset.due_date})")
# A value is already present: mark the asset as fulfilled. This condition and
# the one above cannot both hold. The suffix is a constant, but field.label is
# still interpolated unescaped, so the same review applies.
if bool(value):
field.label = mark_safe(f"{field.label}
(Fulfilled, thank you!)")