Escape user input used in flashed messages.

author: Frederick Muriuki Muriithi 2025-02-18 17:23:50 -0600
committer: Frederick Muriuki Muriithi 2025-02-18 17:23:50 -0600
commit: 093cead83884ee4fbf3967f1f9f8e0b08931e4ad (patch)
tree: adefa4ce037bb74e557e538c9b7a74435e32e72c /uploader/species
parent: c0ff8451e519744e3c5f77db462624a8a362547c (diff)
download: gn-uploader-093cead83884ee4fbf3967f1f9f8e0b08931e4ad.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/uploader/species/views.py b/uploader/species/views.py
index f0798d6..9ad5254 100644
--- a/uploader/species/views.py
+++ b/uploader/species/views.py
@@ -117,8 +117,9 @@ def create_species():
         species = save_species(
             conn, common_name, scientific_name, family, taxon_id)
         flash(
-            f"You have successfully added species '{species['scientific_name']} "
-            f"({species['common_name']})'.",
+            f"You have successfully added species "
+            f"'{escape(species['scientific_name'])} "
+            f"({escape(species['common_name'])})'.",
             "alert-success")
 
         return_to = request.form.get("return_to").strip()
author	Frederick Muriuki Muriithi	2025-02-18 17:23:50 -0600
committer	Frederick Muriuki Muriithi	2025-02-18 17:23:50 -0600
commit	093cead83884ee4fbf3967f1f9f8e0b08931e4ad (patch)
tree	adefa4ce037bb74e557e538c9b7a74435e32e72c /uploader/species
parent	c0ff8451e519744e3c5f77db462624a8a362547c (diff)
download	gn-uploader-093cead83884ee4fbf3967f1f9f8e0b08931e4ad.tar.gz