From ab610638821631d7c350090dcfef6f5d56fec914 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz
Date: Mon, 20 Jul 2015 13:49:06 +0000
Subject: [PATCH] Added escaping of changelist content for the /release/ pages. - Legacy-Id: 9827
---
 ietf/release/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ietf/release/views.py b/ietf/release/views.py
index 1a4b256a9..05865a3dd 100644
--- a/ietf/release/views.py
+++ b/ietf/release/views.py
@@ -7,6 +7,7 @@ from django.template import RequestContext
 from django.shortcuts import render_to_response
 from django.conf import settings
 from django.http import HttpResponse
+from django.utils.html import escape
 import changelog
@@ -33,7 +34,7 @@ def release(request, version=None):
 entries = dict((entry.version, entry) for entry in log_entries)
 if version == None or version not in entries:
 version = log_entries[0].version
- entries[version].logentry = trac_links(entries[version].logentry.strip('\n'))
+ entries[version].logentry = trac_links(escape(entries[version].logentry.strip('\n')))
 code_coverage_url = None
 code_coverage_time = None
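Review bot: On the changed line in `release()`, `escape()` now runs before `trac_links()`, so `trac_links()` receives entity text such as `&#39;` (what Django's `escape()` emits for an apostrophe) instead of the raw character. `trac_links()` is not shown in this patch; if it treats `#` followed by digits as a ticket reference, every apostrophe in a changelog entry would become a bogus ticket link, so its pattern should skip entities, for example with a lookbehind such as `(?<!&)#(\d+)`. Escaping first is the right order for a linkifier that adds markup, and a comment above the line would keep it from being reordered later: `# Escape before trac_links(): it adds markup, so its input must already be HTML-safe`. A regression test that renders an entry containing `<b>` and an apostrophe would pin both behaviours. The body of `release()` starts and ends outside the hunk.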