From 826b17d316a5e29b5d737024ab8b8589a13c0bcd Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Thu, 14 Nov 2024 17:48:03 +0100
Subject: [PATCH] examples: Fix HTML injection in templates

---
 examples/data/templates/image-left.html.j2 | 2 +-
 examples/data/templates/text-only.html.j2  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/data/templates/image-left.html.j2 b/examples/data/templates/image-left.html.j2
index 7ef3763..df93cc1 100644
--- a/examples/data/templates/image-left.html.j2
+++ b/examples/data/templates/image-left.html.j2
@@ -14,7 +14,7 @@
 			{%- endif -%}
 		/>
 		<p id="text">
-			{{ schild.text|default(lipsum(n=1, min=5, max=10)) }}
+			{{ schild.text|default(lipsum(n=1, min=5, max=10))|e }}
 		</p>
 	</div>
 {% endblock content %}
diff --git a/examples/data/templates/text-only.html.j2 b/examples/data/templates/text-only.html.j2
index 4f51c29..281263a 100644
--- a/examples/data/templates/text-only.html.j2
+++ b/examples/data/templates/text-only.html.j2
@@ -6,7 +6,7 @@
 {%- block content -%}
 	<div>
 		<p id="text">
-			{{ schild.text|default(lipsum(n=2, min=5, max=10)) }}
+			{{ schild.text|default(lipsum(n=2, min=5, max=10))|e }}
 		</p>
 	</div>
 {% endblock content %}
-- 
GitLab