Last fix for html escape

This commit is contained in:
2000-Trek 2023-06-23 18:47:12 +02:00
parent 6d0b42b5a5
commit fb71a56030

View file

@ -123,7 +123,7 @@ def remove_user():
db_log.info(f"Deleted user {user_id}")
conn.commit()
socketio.emit("update", "update")
return f'<p>Deleted user {user_name}</p><a href="/list">return to the tags and user list</a>'
return f'<p>Deleted user {escape(user_name)}</p><a href="/list">return to the tags and user list</a>'
else:
return "Error: 043"