From 3549d848062886b8aed83fc65a8e04d3a7976091 Mon Sep 17 00:00:00 2001
From: Todd Dembrey <todd.dembrey@torchbox.com>
Date: Fri, 10 Aug 2018 09:41:40 +0100
Subject: [PATCH] Use format_html incase the lead has a bad name

---
 opentech/apply/funds/tables.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/opentech/apply/funds/tables.py b/opentech/apply/funds/tables.py
index 05946078b..1497755a9 100644
--- a/opentech/apply/funds/tables.py
+++ b/opentech/apply/funds/tables.py
@@ -3,6 +3,7 @@ import textwrap
 from django import forms
 from django.contrib.auth import get_user_model
 from django.db.models import OuterRef, Subquery, F, Q
+from django.utils.html import format_html
 from django.utils.text import mark_safe, slugify
 
 import django_filters as filters
@@ -54,7 +55,7 @@ class SubmissionsTable(tables.Table):
         return value.get_full_name()
 
     def render_phase(self, value):
-        return mark_safe(f'<span>{ value }</span>')
+        return format_html('<span>{}</span>', value)
 
     def render_comments(self, value):
         request = self.context['request']
@@ -81,7 +82,7 @@ class AdminSubmissionsTable(SubmissionsTable):
         sequence = fields + ('comments',)
 
     def render_lead(self, value):
-        return mark_safe(f'<span>{ value }</span>')
+        return format_html('<span>{}</span>', value)
 
 
 def get_used_rounds(request):
-- 
GitLab