From 584d3d7eb9fabd40ccf63180d807b7c189e3ce2c Mon Sep 17 00:00:00 2001
From: Dirk Alders <dirk@mount-mockery.de>
Date: Sun, 10 Nov 2024 18:39:10 +0100
Subject: [PATCH] Added escaped page source in Meta page

---
 pages/models.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pages/models.py b/pages/models.py
index 317f4b2..e8701e2 100644
--- a/pages/models.py
+++ b/pages/models.py
@@ -1,6 +1,7 @@
 from django.conf import settings
 from django.contrib.auth.models import User, Group
 from django.db import models
+from django.utils.html import escape
 from django.utils.translation import gettext as _
 from simple_history.models import HistoricalRecords
 
@@ -160,7 +161,7 @@ class PikiPage(models.Model):
         else:
             appendix = "<h1>" + _("Page source") + "</h1>\n"
             appendix += "<pre>\n"
-            appendix += self.page_txt
+            appendix += escape(self.page_txt)
             appendix += "</pre>\n"
 
         #