Fix for escaped HTML form elements

acdh-oeaw · Nov 30, 2023 · 3156392 · 3156392
1 parent c7a97c2
commit 3156392
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 14 deletions.
diff --git a/openatlas/forms/field.py b/openatlas/forms/field.py
@@ -174,11 +174,11 @@ def __call__(
                 f' id="{entity.id}" '
                 f'{" checked" if entity.id in data else ""}>')
             table.rows.append(row)
-        return render_template(
+        return Markup(render_template(
             'forms/table_multi_select.html',
             field=field,
             selection=[e for e in entities if e.id in data],
-            table=table) + super().__call__(field, **kwargs)
+            table=table)) + super().__call__(field, **kwargs)
 
 
 class TableMultiField(HiddenField):
@@ -230,11 +230,11 @@ class SimpleEntityForm(FlaskForm):
             field.id,
             field.data,
             field.filter_ids)
-        return render_template(
+        return Markup(render_template(
             'forms/table_select.html',
             field=field,
             table=table.display(field.id),
-            selection=selection) + super().__call__(field, **kwargs)
+            selection=selection)) + super().__call__(field, **kwargs)
 
 
 class TableField(HiddenField):
@@ -260,12 +260,12 @@ class TreeMultiSelect(HiddenInput):
     def __call__(self, field: TreeField, **kwargs: Any) -> TreeMultiSelect:
         data = field.data or []
         data = ast.literal_eval(data) if isinstance(data, str) else data
-        return render_template(
+        return Markup(render_template(
             'forms/tree_multi_select.html',
             field=field,
             root=g.types[int(field.type_id)],
             selection=sorted(data, key=lambda k: g.types[k].name),
-            data=Type.get_tree_data(int(field.id), data)) \
+            data=Type.get_tree_data(int(field.id), data))) \
             + super().__call__(field, **kwargs)
 
 
@@ -294,15 +294,15 @@ def __call__(self, field: TreeField, **kwargs: Any) -> TreeSelect:
                 if isinstance(field.data, list) else field.data
             selection = g.types[int(field.data)].name
             selected_ids.append(g.types[int(field.data)].id)
-        return render_template(
+        return Markup(render_template(
             'forms/tree_select.html',
             field=field,
             selection=selection,
             root=g.types[int(field.type_id)],
             data=Type.get_tree_data(
                 int(field.type_id),
                 selected_ids,
-                field.filters_ids)) + super().__call__(field, **kwargs)
+                field.filters_ids))) + super().__call__(field, **kwargs)
 
 
 class TreeField(HiddenField):

diff --git a/openatlas/templates/forms/tree_select.html b/openatlas/templates/forms/tree_select.html
@@ -57,14 +57,10 @@ <h5 class="modal-title">
             </button>
           {% endif %}
         </div>
-        <div id="{{ field.id }}-tree"
-             style="text-align: left!important;"></div>
+        <div id="{{ field.id }}-tree" style="text-align: left!important;"></div>
       </div>
       <div class="modal-footer">
-        <button
-            type="button"
-            class="{{ config.CSS.button.primary }}"
-            data-bs-dismiss="modal">
+        <button type="button" class="{{ config.CSS.button.primary }}" data-bs-dismiss="modal">
           {{ _('close')|uc_first }}
         </button>
       </div>