Fix unescaped content injection in rosie disco (#2766)

Cherry-picked from ad2001f
metomi · Mar 18, 2024 · 88c3573 · 88c3573
1 parent bbb63a8
commit 88c3573
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/metomi/rosie/lib/html/template/rosie-disco/prefix-index.html b/metomi/rosie/lib/html/template/rosie-disco/prefix-index.html
@@ -225,7 +225,7 @@
 {%- if "-list" in key %}
 {%- set value = value|join(" ") %}
 {%- endif %}
-{%- set info = info ~ "<strong>" ~ key ~ "</strong>" ~ ": " ~ value ~ "<br/>"  %}
+{%- set info = info ~ "<strong>" ~ key ~ "</strong>" ~ ": " ~ value|escape ~ "<br/>"  %}
 {%- endif %}
 {%- if loop.last %}
           <tr>