# HG changeset patch
# User Marcin Kuzminski
# Date 2018-09-03 10:18:46
# Node ID 7441eff4e03c3ad685619662110d79100b6f8602
# Parent c4ee2d0b3467b665906c1ee54e63ab619e4ade90
forks: prevent XSS in datagrid of forks data.
diff --git a/rhodecode/apps/repository/views/repo_forks.py b/rhodecode/apps/repository/views/repo_forks.py
--- a/rhodecode/apps/repository/views/repo_forks.py
+++ b/rhodecode/apps/repository/views/repo_forks.py
@@ -155,7 +155,7 @@ class RepoForksView(RepoAppView, DataGri
 forks_data.append({
 "username": h.gravatar_with_user(self.request, fork.user.username),
 "fork_name": fork_name(fork),
- "description": fork.description,
+ "description": fork.description_safe,
 "fork_date": h.age_component(fork.created_on, time_is_local=True),
 "last_activity": h.format_date(fork.updated_on),
 "action": fork_actions(fork),
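Review bot: The `"description"` entry now depends on the call site picking the escaped attribute, and nothing on the line records why, so a later edit could switch `fork.description_safe` back to the raw field unnoticed. A short comment above it, such as `# grid cells are inserted as markup on the client; pass only escaped values`, would keep the reason next to the code (that the grid renders cells as HTML is inferred from the commit title, not shown in the hunk). The neighbouring `"fork_name"` and `"action"` values come from `fork_name(fork)` and `fork_actions(fork)`, whose bodies are outside the hunk and presumably embed repository-controlled text, so it is worth confirming that they escape it too. A regression test that loads the forks grid with a description containing markup would pin the behaviour. The enclosing method starts and ends outside the hunk.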