Escape HTML in legacy details page

Kovid Goyal
2026-04-23 17:12:10 +05:30
parent 091b409e3f
commit 388f978f7d
+3 -2
@@ -1,5 +1,6 @@
from html import escape
from calibre.library.comments import sanitize_comments_html
from calibre.utils.date import dt_as_local, is_date_undefined, strftime
@@ -37,7 +38,7 @@ def render_legacy_book_details(ctx, mi, library_id):
book_id=book_id,
library_id=library_id
)
fmt = escape(fmt)
links.append(f'<a href="{url}" class="download-button" download="{title}.{fmt.lower()}">Download {fmt}</a>')
formats_html = ' '.join(links)
@@ -178,7 +179,7 @@ def render_legacy_book_details(ctx, mi, library_id):
{metadata_table}
</div>
</div>
{f'<div class="description"><h2>Description</h2>{comments}</div>' if comments else ''}
{f'<div class="description"><h2>Description</h2>{sanitize_comments_html(comments)}</div>' if comments else ''}
</div>
</body>
</html>
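Review bot: The `download` attribute on the `links.append` line in the second hunk still interpolates `{title}` raw while only `fmt` is escaped, so unless `title` is already HTML-escaped where it is built (outside this hunk), a book title containing `"` or `&` can still break out of the attribute and the fix is incomplete. With `from html import escape` now imported, the cheapest guard is at the use site, `download="{escape(title)}.{fmt.lower()}"`, or escaping `title` once where it is assigned; note `escape()` must run before `.lower()`, as the new line already does for `fmt`. The same question applies to `{url}` in `href`, which presumably comes from the URL builder just above the hunk; it should be confirmed attribute-safe rather than assumed. The enclosing `render_legacy_book_details` starts and ends outside these hunks.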