From 4fed1112a6cfa5678f6bc326ce7773b5ea9c2f49 Mon Sep 17 00:00:00 2001
From: j <j@mailb.org>
Date: Fri, 17 Nov 2023 11:22:27 +0100
Subject: [PATCH] description value has bto be escaped

---
 pandora/item/models.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pandora/item/models.py b/pandora/item/models.py
index 01f1bee1..5138feec 100644
--- a/pandora/item/models.py
+++ b/pandora/item/models.py
@@ -260,7 +260,7 @@ class Item(models.Model):
                         d.description = ox.sanitize_html(description[value])
                         d.save()
                 else:
-                    value = data.get(k, self.get(k, ''))
+                    value = ox.escape_html(data.get(k, self.get(k, '')))
                     if not description:
                         description = ''
                     d, created = Description.objects.get_or_create(key=k, value=value)
@@ -1809,6 +1809,8 @@ class Description(models.Model):
     value = models.CharField(max_length=1000, db_index=True)
     description = models.TextField()
 
+    def __str__(self):
+        return "%s=%s" % (self.key, self.value)
 
 class AnnotationSequence(models.Model):
     item = models.OneToOneField('Item', related_name='_annotation_sequence', on_delete=models.CASCADE)