diff --git a/hypha/apply/stream_forms/blocks.py b/hypha/apply/stream_forms/blocks.py index d4442b6158391baf27251a0f4fccb2c5e4cf71a5..735c311c0a4c2622dd63c911df0649bf4664d75e 100644 --- a/hypha/apply/stream_forms/blocks.py +++ b/hypha/apply/stream_forms/blocks.py @@ -8,6 +8,7 @@ from django.db.models import BLANK_CHOICE_DASH from django.forms.widgets import ClearableFileInput from django.utils.dateparse import parse_datetime from django.utils.encoding import force_str +from django.utils.html import conditional_escape from django.utils.text import slugify from django.utils.translation import gettext_lazy as _ from django_bleach.templatetags.bleach_tags import bleach_value @@ -55,7 +56,7 @@ class FormFieldBlock(StructBlock): def get_field_kwargs(self, struct_value): kwargs = { 'label': struct_value['field_label'], - 'help_text': struct_value['help_text'], + 'help_text': conditional_escape(struct_value['help_text']), 'required': struct_value.get('required', False) } if 'default_value' in struct_value: diff --git a/requirements.txt b/requirements.txt index fe26c1eae14d2a68c2950bfdbb6ef6bc0ad4ae6d..51b96c4c27a0e2201a6c3e64d200664966dc9f97 100644 --- a/requirements.txt +++ b/requirements.txt @@ -38,6 +38,6 @@ psycopg2==2.8.5 reportlab==3.5.34 social_auth_app_django==3.1.0 tomd==0.1.3 -wagtail==2.9.2 +wagtail==2.9.3 wagtail-cache==1.0.0 whitenoise==5.1.0