# HG changeset patch
# User Daniel Dourvaris
# Date 2017-07-24 10:49:38
# Node ID 151fcf6c51ed61758913ef271ec2e4d7cb2feb94
# Parent 4566477cf5c11437064f5091f9c48f1a6fe3f772
security: fix self-xss on modifing gist filename.
diff --git a/rhodecode/apps/gist/views.py b/rhodecode/apps/gist/views.py
--- a/rhodecode/apps/gist/views.py
+++ b/rhodecode/apps/gist/views.py
@@ -378,7 +378,7 @@ class GistView(BaseAppView):
             Session().commit()
             h.flash(_('Successfully updated gist data'), category='success')
         except validation_schema.Invalid as errors:
-            errors = errors.asdict()
+            errors = h.escape(errors.asdict())
             h.flash(_('Error occurred during update of gist {}: {}').format(
                 gist_id, errors), category='error')
         except Exception:
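Review bot: The escaping on the `+` line is applied to the dict object, so `h.escape` escapes the `str()` of the whole `asdict()` result while the interpolated `gist_id` is left untouched; if `gist_id` can carry attacker-controlled text, the same self-XSS remains through the first placeholder. Escaping the fully formatted message covers both at once: `msg = _('Error occurred during update of gist {}: {}').format(gist_id, errors.asdict())` followed by `h.flash(h.escape(msg), category='error')`. More generally, per-call-site escaping is fragile when `h.flash` renders its messages as markup — presumably the reason this fix was needed — and an output-side escape in the flash rendering would close the whole class of bugs rather than this one instance; that rendering is not visible in this hunk, so this is a suggestion to verify. The enclosing method continues past the end of the hunk (`except Exception:` is its last visible line).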