nmweb: escape subject in search view

Fix a bug reported by Jakub Wilk [1]. [1]: id:20220822064717.qftn4tr7cs4r2ian@jwilk.net
author: David Bremner <david@tethera.net> 2022-09-05 08:03:39 -0300
committer: David Bremner <david@tethera.net> 2022-09-23 20:19:56 -0300
commit: 48d6b31485dfd3110b82fd8829063297284c78c0 (patch)
tree: 31545360d8eaa105df89743dbfd5511d37780d62 /devel
parent: bf8aa34324cc91a530b0b12f833f106c939f7d84 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/devel/notmuch-web/nmweb.py b/devel/notmuch-web/nmweb.py
index 928e4863..7b555c62 100755
--- a/devel/notmuch-web/nmweb.py
+++ b/devel/notmuch-web/nmweb.py
@@ -131,7 +131,7 @@ env.globals['mailto_addrs'] = mailto_addrs
 def link_msg(msg):
   lnk = quote_plus(msg.messageid.encode('utf8'))
   try:
-    subj = msg.header('Subject')
+    subj = html.escape(msg.header('Subject'))
   except LookupError:
     subj = ""
   out = '<a href="%s/show/%s">%s</a>' % (prefix, lnk, subj)
author	David Bremner <david@tethera.net>	2022-09-05 08:03:39 -0300
committer	David Bremner <david@tethera.net>	2022-09-23 20:19:56 -0300
commit	48d6b31485dfd3110b82fd8829063297284c78c0 (patch)
tree	31545360d8eaa105df89743dbfd5511d37780d62 /devel
parent	bf8aa34324cc91a530b0b12f833f106c939f7d84 (diff)