Fix session-count script rendered as visible text

_GET_SESSION_COUNT_SCRIPT was a mark_safe string used as a child of the
view_game content tree. Under the "only Safe nodes render unescaped" rule, a
mark_safe *string* child is escaped — so the <script> showed as literal text
on the page. Make it a Safe node (and drop the now-unused mark_safe import).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 22:17:10 +02:00
parent 138136e285
commit 3fb9aa9f84
+2 -2
@@ -8,7 +8,7 @@ from django.middleware.csrf import get_token
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.template.defaultfilters import date as date_filter from django.template.defaultfilters import date as date_filter
from django.urls import reverse from django.urls import reverse
from django.utils.safestring import SafeText, mark_safe from django.utils.safestring import SafeText
from common.components import ( from common.components import (
Fragment, Fragment,
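Review bot: With `mark_safe` dropped from the `django.utils.safestring` import line, any call in this module other than the one at `_GET_SESSION_COUNT_SCRIPT` would now raise a NameError, and the +2 -2 stat shows only one call site was converted. Please confirm with a grep that no other `mark_safe(` remains in the file, and that `Safe` is among the names in the `from common.components import (` list, which is cut off here after `Fragment,`.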
@@ -791,7 +791,7 @@ def _history_section(game: Game) -> SafeText:
) )
_GET_SESSION_COUNT_SCRIPT = mark_safe( _GET_SESSION_COUNT_SCRIPT = Safe(
"<script>\n" "<script>\n"
" function getSessionCount() {\n" " function getSessionCount() {\n"
" return document.getElementById('session-count')" " return document.getElementById('session-count')"
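Review bot: `Safe(` on the `_GET_SESSION_COUNT_SCRIPT` line exempts the whole string from escaping, so this constant has to stay a static literal. A short comment above it stating that nothing request-derived or model-derived may be concatenated into it would keep a later edit from turning it into an injection point. The change also comes without a test: a render test asserting that the view_game output contains a real `<script>` element rather than `&lt;script&gt;` would pin the behaviour the commit message describes.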