]> git.notmuchmail.org Git - notmuch/blobdiff - devel/notmuch-web/nmweb.py
projects / notmuch / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nmweb: escape subject in search view
[notmuch] / devel / notmuch-web / nmweb.py
diff --git a/devel/notmuch-web/nmweb.py b/devel/notmuch-web/nmweb.py
index 928e486320f6880c9b41c42b108b67e5874b0135..7b555c62b6eeadd3deadaa2cec5584fa4edf535f 100755 (executable)
--- a/devel/notmuch-web/nmweb.py
+++ b/devel/notmuch-web/nmweb.py
@@ -131,7 +131,7 @@ env.globals['mailto_addrs'] = mailto_addrs
 def link_msg(msg):
   lnk = quote_plus(msg.messageid.encode('utf8'))
   try:
-    subj = msg.header('Subject')
+    subj = html.escape(msg.header('Subject'))
   except LookupError:
     subj = ""
   out = '<a href="%s/show/%s">%s</a>' % (prefix, lnk, subj)
Notmuch source code