From 87aaf12d2732ba4769963f6cfe0169fbebc07896 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Tue, 23 Apr 2024 18:28:00 +0200
Subject: [PATCH] Protect against Reflected XSS on home page (and other
 exception-handling pages)

---
 app/templates/error_access_denied.j2 | 2 +-
 app/templates/sco_value_error.j2     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/templates/error_access_denied.j2 b/app/templates/error_access_denied.j2
index c14a2c8a1..46793cea6 100644
--- a/app/templates/error_access_denied.j2
+++ b/app/templates/error_access_denied.j2
@@ -6,7 +6,7 @@
 
 <h2>Accès non autorisé</h2>
 
-{{ exc | safe }}
+{{ exc }}
 
 <p class="footer">
     {% if g.scodoc_dept %}
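Review bot: Replacing `{{ exc | safe }}` with `{{ exc }}` only closes the reflected XSS if autoescaping is active for these `.j2` templates, and nothing visible in the patch establishes that. If they are rendered through Flask's default Jinja environment, autoescape is selected by file extension (`.html`, `.htm`, `.xml`, `.xhtml`), so a `.j2` file is escaped only when the application overrides that selection or enables autoescape on the environment. Confirm that setting, and add a regression test that renders an exception message containing `<script>` and asserts the output holds `&lt;script&gt;`. If it cannot be guaranteed, make the escape explicit with `{{ exc | e }}`. The same applies to the identical change in `sco_value_error.j2`.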
diff --git a/app/templates/sco_value_error.j2 b/app/templates/sco_value_error.j2
index 027e6aa68..6fa329c7b 100644
--- a/app/templates/sco_value_error.j2
+++ b/app/templates/sco_value_error.j2
@@ -5,7 +5,7 @@
 
 <h2>Erreur !</h2>
 
-{{ exc | safe }}
+{{ exc }}
 
 <div style="margin-top: 16px;">
     {% if g.scodoc_dept %}
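Review bot: Exception messages that deliberately carried markup will now be shown with literal tags, because `{{ exc }}` no longer passes them through. The earlier `| safe` suggests some raise sites relied on that, though none are visible here. If links or formatting are still needed on this page, pass the fixed markup to the template as a separate variable and keep any request-derived text in the escaped `{{ exc }}`, rather than restoring `| safe` on the whole exception. It is also worth searching the other templates for remaining `exc | safe` uses, since the commit title mentions other exception-handling pages and only two files are touched.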
-- 
GitLab