From eca47671552fa5e3a17de7fc8f29b2bf84f5aef8 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Fri, 14 Aug 2020 19:35:21 +0200
Subject: [PATCH] Mark fields in TeX templates as safe
---
 apps/treasury/models.py | 4 ++--
 apps/treasury/templatetags/escape_tex.py | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/apps/treasury/models.py b/apps/treasury/models.py
index 9e5c3584..548c3b1e 100644
--- a/apps/treasury/models.py
+++ b/apps/treasury/models.py
@@ -137,7 +137,7 @@ class Product(models.Model):
 @property
 def amount_euros(self):
- return self.amount / 100
+ return "{:.2f}".format(self.amount / 100)
 @property
 def total(self):
@@ -145,7 +145,7 @@ class Product(models.Model):
 @property
 def total_euros(self):
- return self.total / 100
+ return "{:.2f}".format(self.total / 100)
 class Meta:
 verbose_name = _("product")
diff --git a/apps/treasury/templatetags/escape_tex.py b/apps/treasury/templatetags/escape_tex.py
index 1be2f51e..bd700943 100644
--- a/apps/treasury/templatetags/escape_tex.py
+++ b/apps/treasury/templatetags/escape_tex.py
@@ -2,10 +2,11 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django import template
+from django.utils.safestring import mark_safe
 def do_latex_escape(value):
- return (
+ return mark_safe(
 value.replace("&", "\\&")
 .replace("$", "\\$")
 .replace("%", "\\%")
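Review bot: `amount_euros` now returns a `str` where it previously returned a number, so any caller outside this diff that sums, compares or pipes it through a numeric template filter will fail or silently change behaviour; `total_euros` in the next hunk has the same issue. If the aim is only a fixed two-decimal rendering in the TeX invoice, I would keep these properties numeric and do the formatting where the value is rendered. If the string return is intended, say so in a docstring, for example `"""Amount in euros as a two-decimal display string; not for arithmetic."""`.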
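Review bot: `mark_safe(...)` in `do_latex_escape` marks the result as safe for HTML too, while the replacements visible here neutralise only TeX metacharacters (`&`, `$`, `%`). The rest of the chain and the end of the function lie outside this hunk, so it should be confirmed there that `\`, `{`, `}`, `#`, `_`, `^` and `~` are also covered, and in an order that does not re-escape backslashes added by earlier replacements. If this filter were ever applied in an HTML template, user-supplied text would skip autoescaping, so I would add a docstring stating that the output is for TeX templates only and must never be rendered as HTML. `value.replace` also assumes a `str`; coercing first with `value = str(value)` keeps the filter from raising on numeric fields.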