Fix a couple of escaping bugs discovered during code review of RSS patch.

2 files changed, 4 insertions, 4 deletions

diff --git a/template/commitfest_activity.tt2 b/template/commitfest_activity.tt2
index 358f2e9..d603851 100644
--- a/template/commitfest_activity.tt2
+++ b/template/commitfest_activity.tt2
@@ -13,10 +13,10 @@
 [% FOREACH a = activity %]
 <tr[% IF loop.last %] class='lastrow'[% END %]>
   <td class='colFirstT'>[% a.last_updated_time %]</td>
-  <td class='colMidT'>[% a.last_updater %]</td>
+  <td class='colMidT'>[% a.last_updater | htmlsafe %]</td>
   <td>[% IF a.patch_id.defined %]<a href='/https/git.postgresql.org/action/patch_view?id=[% a.patch_id %]'>[% END %][% a.patch_name | htmlsafe %][% IF a.patch_id.defined %]</a>[% END %]</td>
-  <td class='colMidT'>[% a.activity_type | html %]</td>
-  <td class='colLastT'>[% a.details %]</td>
+  <td class='colMidT'>[% a.activity_type | htmlsafe %]</td>
+  <td class='colLastT'>[% a.details | htmlsafe %]</td>
 </tr>
 [% END %]
 </table>
diff --git a/template/header.tt2 b/template/header.tt2
index 2ab304b..4fd8018 100644
--- a/template/header.tt2
+++ b/template/header.tt2
@@ -27,7 +27,7 @@
 <div id="commitfestContent">
 	<table cellspacing='0' cellpadding='0' border='0' width='100%'>
 		<tr>
-			<td><h1>[% title %]</h1></td>
+			<td><h1>[% title | htmlsafe %]</h1></td>
 			[% IF link.size != 0 %]<td style='text-align: right; padding-left: 10px'>[% FOREACH l = link %]<a href='[% l.0 %]'[% IF l.2.defined %] onClick='return confirm("[% l.2 | htmlsafe %]")'[% END %]>[% l.1 | html %]</a>[% IF !loop.last %] - [% END %][% END %]</td>[% END %]
 		</tr>
 	</table>