From 3156392c835d817268df660d3527837b58be690a Mon Sep 17 00:00:00 2001
From: Alexander Watzinger
Date: Thu, 30 Nov 2023 13:27:52 +0100
Subject: [PATCH] Fix for escaped HTML form elements
---
 openatlas/forms/field.py | 16 ++++++++--------
 openatlas/templates/forms/tree_select.html | 8 ++------
 2 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/openatlas/forms/field.py b/openatlas/forms/field.py
index e4d7efa43..07d2a0af4 100644
--- a/openatlas/forms/field.py
+++ b/openatlas/forms/field.py
@@ -174,11 +174,11 @@ def __call__(
 f' id="{entity.id}" '
 f'{" checked" if entity.id in data else ""}>')
 table.rows.append(row)
- return render_template(
+ return Markup(render_template(
 'forms/table_multi_select.html',
 field=field,
 selection=[e for e in entities if e.id in data],
- table=table) + super().__call__(field, **kwargs)
+ table=table)) + super().__call__(field, **kwargs)
 class TableMultiField(HiddenField):
@@ -230,11 +230,11 @@ class SimpleEntityForm(FlaskForm):
 field.id,
 field.data,
 field.filter_ids)
- return render_template(
+ return Markup(render_template(
 'forms/table_select.html',
 field=field,
 table=table.display(field.id),
- selection=selection) + super().__call__(field, **kwargs)
+ selection=selection)) + super().__call__(field, **kwargs)
 class TableField(HiddenField):
@@ -260,12 +260,12 @@ class TreeMultiSelect(HiddenInput):
 def __call__(self, field: TreeField, **kwargs: Any) -> TreeMultiSelect:
 data = field.data or []
 data = ast.literal_eval(data) if isinstance(data, str) else data
- return render_template(
+ return Markup(render_template(
 'forms/tree_multi_select.html',
 field=field,
 root=g.types[int(field.type_id)],
 selection=sorted(data, key=lambda k: g.types[k].name),
- data=Type.get_tree_data(int(field.id), data)) \
+ data=Type.get_tree_data(int(field.id), data))) \
 + super().__call__(field, **kwargs)
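Review bot: `Markup(render_template(...))` in the first field.py hunk declares the whole rendered widget trusted HTML, so the concatenation with `super().__call__(field, **kwargs)` no longer escapes any of it; the same holds for the other four `return Markup(...)` changes in this file. Escaping now rests entirely on Jinja autoescaping inside the templates and on any HTML assembled in Python, such as the tag fragment built with f-strings (`f' id="{entity.id}" '`) in the context lines above the `return`. The row construction and the templates are outside the hunk, so it is worth confirming that entity-derived text placed into `row` goes through `markupsafe.escape` and that the templates do not apply `|safe` to names. A comment on the return would record the assumption, e.g. `# Markup: template output is autoescaped; never put unescaped entity text into table rows`.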
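Review bot: In the `@@ -260,12` hunk, `field.data` is parsed with `ast.literal_eval` and its elements are used as keys in `g.types[k]` without validation, and the result now ends up in output marked as trusted `Markup`. If that string can come from a submitted hidden input (the field class is outside the hunk, so this is an assumption), malformed text raises `ValueError` or `SyntaxError`, and an unknown or non-integer element raises `KeyError` or `TypeError` inside the `sorted(...)` key function. Restricting the parsed value before use keeps both the lookup and the rendered selection to known type ids, for example `data = [i for i in data if isinstance(i, int) and i in g.types]` after a guarded parse.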
@@ -294,7 +294,7 @@ def __call__(self, field: TreeField, **kwargs: Any) -> TreeSelect:
 if isinstance(field.data, list) else field.data
 selection = g.types[int(field.data)].name
 selected_ids.append(g.types[int(field.data)].id)
- return render_template(
+ return Markup(render_template(
 'forms/tree_select.html',
 field=field,
 selection=selection,
@@ -302,7 +302,7 @@ def __call__(self, field: TreeField, **kwargs: Any) -> TreeSelect:
 data=Type.get_tree_data(
 int(field.type_id),
 selected_ids,
- field.filters_ids)) + super().__call__(field, **kwargs)
+ field.filters_ids))) + super().__call__(field, **kwargs)
 class TreeField(HiddenField):
diff --git a/openatlas/templates/forms/tree_select.html b/openatlas/templates/forms/tree_select.html
index 05dd87480..1abad4bf4 100644
--- a/openatlas/templates/forms/tree_select.html
+++ b/openatlas/templates/forms/tree_select.html
@@ -57,14 +57,10 @@
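Review bot: The return annotation `-> TreeSelect` shown in the header of the `@@ -294,7` hunk does not describe what the new `return` produces: `Markup(render_template(...)) + super().__call__(field, **kwargs)` evaluates to a `Markup` string, not a widget instance. The signature itself is outside this hunk, but annotating it `-> Markup` would let a type checker and the next reader see that callers receive HTML already marked as trusted. The same applies to `-> TreeMultiSelect` on the `__call__` in the `@@ -260,12` hunk.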