From 83b312ea1a3990fb59d2e6e9b2e5c146889cc0b0 Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Fri, 22 Jan 2010 16:49:54 +0100
Subject: Escape invalid html in SQL queries.

For example, a query containing a stray ampersand needs to be escaped.

Signed-off-by: Rob Hudson <rob@cogit8.org>
---
 debug_toolbar/panels/sql.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debug_toolbar/panels/sql.py b/debug_toolbar/panels/sql.py
index 1ac8445..e1e9bdf 100644
--- a/debug_toolbar/panels/sql.py
+++ b/debug_toolbar/panels/sql.py
@@ -197,7 +197,7 @@ class BoldKeywordFilter(sqlparse.filters.Filter):
             is_keyword = token_type in sqlparse.tokens.Keyword
             if is_keyword:
                 yield sqlparse.tokens.Text, '<strong>'
-            yield token_type, value
+            yield token_type, django.utils.html.escape(value)
             if is_keyword:
                 yield sqlparse.tokens.Text, '</strong>'
 
-- 
cgit v1.2.3