From e0c75f6ea1534fe75993c550aee116edba00914e Mon Sep 17 00:00:00 2001
From: Grollicus <cccvgitlab.db5c7b60@grollmann.eu>
Date: Sat, 26 Dec 2020 13:57:06 +0100
Subject: [PATCH] xss fixes

---
 src/plainui/jinja2/plainui/components/list_assemblies.html | 6 +++---
 src/plainui/jinja2/plainui/components/list_rooms.html      | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/plainui/jinja2/plainui/components/list_assemblies.html b/src/plainui/jinja2/plainui/components/list_assemblies.html
index eee2141c4..e05745525 100644
--- a/src/plainui/jinja2/plainui/components/list_assemblies.html
+++ b/src/plainui/jinja2/plainui/components/list_assemblies.html
@@ -72,13 +72,13 @@
         <a
             href="{{ link }}"
             class="text-decoration-none text-white"
-            title="{{ assembly.name | safe }}"
+            title="{{ assembly.name }}"
         >
             <figure class="mb-2">
                 {% if assembly.banner_image %}
-                    <img class="w-100 d-block" src="{{ assembly.banner_image.url }}" alt="{{ assembly.name | safe }}" title="{{ assembly.name | safe}}" />
+                    <img class="w-100 d-block" src="{{ assembly.banner_image.url }}" alt="{{ assembly.name }}" title="{{ assembly.name }}" />
                 {% else %}
-                    <img class="w-100 d-block" src="/static/plainui/img/rc3-logo-assembly.svg" alt="{{ assembly.name | safe }}" title="{{ assembly.name | safe }}" />
+                    <img class="w-100 d-block" src="/static/plainui/img/rc3-logo-assembly.svg" alt="{{ assembly.name }}" title="{{ assembly.name }}" />
                 {% endif %}
             </figure>
             <section class="m-2">
diff --git a/src/plainui/jinja2/plainui/components/list_rooms.html b/src/plainui/jinja2/plainui/components/list_rooms.html
index 7d9b3e133..e5439f0cb 100644
--- a/src/plainui/jinja2/plainui/components/list_rooms.html
+++ b/src/plainui/jinja2/plainui/components/list_rooms.html
@@ -25,8 +25,8 @@
         <span class="btn-icon-big text-white" title="{{ _("roomtype") ~ ': ' ~ _(room.room_type) }}">
             {{ icon(room.room_type) }}
         </span>
-        <a href="{{ link }}" title="{{ room.name | safe }}" class="text-white mr-auto">
-            {{ room.name | safe }}
+        <a href="{{ link }}" title="{{ room.name }}" class="text-white mr-auto">
+            {{ room.name }}
         </a>
         {% if room.capacity and room.capacity != None and room.capacity > 0 %}
             <span class="btn-icon-big text-white">{{ icon("capacity") }}</span>
-- 
GitLab