From 6c42fa79857901ddc1c7044d4478f52a6b454014 Mon Sep 17 00:00:00 2001
From: Jan Szejko
Date: Fri, 17 Feb 2017 16:49:53 +0100
Subject: [PATCH] escape author for history

---
 apps/wiki/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/wiki/views.py b/apps/wiki/views.py
index 1b16077f..5128b569 100644
--- a/apps/wiki/views.py
+++ b/apps/wiki/views.py
@@ -15,6 +15,7 @@ from django.middleware.gzip import GZipMiddleware
 from django.utils.decorators import decorator_from_middleware
 from django.utils.encoding import smart_unicode
 from django.utils.formats import localize
+from django.utils.html import escape
 from django.utils.translation import ugettext as _
 from django.views.decorators.http import require_POST
 from django.shortcuts import get_object_or_404, render
@@ -41,7 +42,7 @@ def get_history(document):
 revisions.append({
 "version": i + 1,
 "description": revision.description,
- "author": revision.author_str(),
+ "author": escape(revision.author_str()),
 "date": localize(revision.created_at),
 "revision": revision.pk,
 "published": _("Published") + ": " +
-- 
2.20.1
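Review bot: In the `get_history` hunk, `"description": revision.description,` sits directly above the newly escaped author and still goes into the same dict unescaped. A revision description is normally free text entered by the committing user, so if the history consumer inserts these fields as HTML (which the need for this patch suggests, although the rendering code is not visible here), it likely needs the same treatment: `"description": escape(revision.description),`. Escaping in the view also means that any consumer treating the payload as plain data will see HTML entities, so the line deserves a comment such as `# escaped here because the history list inserts this value as HTML`, or the fix could move to the rendering side. The body of `get_history` starts and ends outside the hunk, so other fields built there could not be checked.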