Merge pull request #27 from shivrai/fix/escape_html

Enable HTML escaping for code segments
2017-07-04 09:46:56 -07:00
parent d520a524da 3494c5df82
commit e45bb6ed33
2 changed files with 2 additions and 2 deletions
--- a/templates/cards.html
+++ b/templates/cards.html
@@ -57,7 +57,7 @@
                    {% if card.type == 1 %}
                        {{ card.back|replace("\n", "<br />")|safe }}
                    {% else %}
-                        <pre><code>{{ card.back|safe }}</code></pre>
+                        <pre><code>{{ card.back|escape }}</code></pre>
                    {% endif %}
                </td>
            </tr>
--- a/templates/memorize.html
+++ b/templates/memorize.html
@@ -47,7 +47,7 @@
                                    </div>
                                {% endif %}
                            {% else %}
-                                <pre><code>{{ card.back|safe }}</code></pre>
+                                <pre><code>{{ card.back|escape }}</code></pre>
                            {% endif %}
                        </div>
                    </div>