From 0e453a085a6e3249260fea7678a064b165e2bd6f Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Tue, 23 Apr 2019 16:58:02 +0100
Subject: Escape body name in admin title.

---
 CHANGELOG.md | 1 +
 templates/web/base/admin/bodies/body.html | 3 ++-
 templates/web/base/admin/bodies/category.html | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40e554cc3..16541c16a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,7 @@
 - Fix extra question display when only one category.
 - Fix superusers creating anonymous reports. #2435
 - Ensure non_public reports aren't exposed at /open311 endpoint.
+ - Escape body name in admin title.
 - Development improvements:
 - Make front page cache time configurable.
 - Better working of /fakemapit/ under https.
diff --git a/templates/web/base/admin/bodies/body.html b/templates/web/base/admin/bodies/body.html
index afd2eff46..8f298676e 100644
--- a/templates/web/base/admin/bodies/body.html
+++ b/templates/web/base/admin/bodies/body.html
@@ -1,4 +1,5 @@
-[% INCLUDE 'admin/header.html' title=tprintf(loc('Council contacts for %s'), body.name) -%]
+[% body_name = body.name | html;
+ INCLUDE 'admin/header.html' title=tprintf(loc('Council contacts for %s'), body_name) -%]
 [% PROCESS 'admin/report_blocks.html' %]
 [% IF updated %]
diff --git a/templates/web/base/admin/bodies/category.html b/templates/web/base/admin/bodies/category.html
index 2f789ed81..de8cb19ec 100644
--- a/templates/web/base/admin/bodies/category.html
+++ b/templates/web/base/admin/bodies/category.html
@@ -1,4 +1,5 @@
-[% INCLUDE 'admin/header.html' title=tprintf(loc('Council contacts for %s'), body.name) -%]
+[% body_name = body.name | html;
+ INCLUDE 'admin/header.html' title=tprintf(loc('Council contacts for %s'), body_name) -%]
 [% BLOCK highlightchanged_yesno %]
 [%- output = loc('No') %]
-- 
cgit v1.2.3
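Review bot: The escape in the body.html hunk is applied at the call site, filtering body.name into body_name before it is passed as title, so every other template that includes admin/header.html with a caller-supplied title stays exposed and each new caller must remember the same dance; the more robust fix is to escape at the sink, in admin/header.html where title is printed, e.g. `[% title | html %]`, and drop the per-caller filter. admin/header.html is not in this diff, so whether it already escapes title cannot be confirmed from here — if it does, this change double-escapes names containing `&`, `<`, `>` or `"`, which is worth a manual check before merging. Note also that Template Toolkit's html filter does not escape single quotes, so if header.html ever emits title inside a single-quoted attribute this filter alone is not sufficient.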
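Review bot: The category.html hunk introduces body_name with no indication of why the intermediate variable exists, and a future cleanup could plausibly inline body.name back into the INCLUDE and silently reintroduce the injection; a one-line template comment above it would guard against that, e.g. `[%# body.name is admin-editable: escape it here, as header.html appears to emit title unescaped %]`. The same two lines now appear verbatim in both body.html and category.html, so if the escape is to stay per-caller rather than move into header.html, a shared BLOCK or MACRO would keep the two from drifting apart.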