From b647581115b601459962ae66a6898a9b6c483c9b Mon Sep 17 00:00:00 2001 From: Preston Maness Date: Mon, 25 Jan 2021 20:47:57 -0600 Subject: [PATCH] Update archivebox/index/html.py mark_safe is dangerous, as the URL's filename could have malicious HTML fragments in it. Co-authored-by: Nick Sweeting --- archivebox/index/html.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archivebox/index/html.py b/archivebox/index/html.py index 6db8435c..27940cb2 100644 --- a/archivebox/index/html.py +++ b/archivebox/index/html.py @@ -161,4 +161,4 @@ def snapshot_icons(snapshot) -> str: output += '{} '.format(canon["archive_org_path"], str(exists), "archive_org", icons.get("archive_org", "?")) - return format_html('{}', mark_safe(output)) + return format_html('{}', output)
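Review bot: Dropping `mark_safe` on the final `return` makes `format_html` escape the whole of `output`, not only the URL-derived parts, so any markup assembled into `output` earlier in `snapshot_icons` would be shown as literal text. The context line builds `output` with `str.format` and passes four arguments to it, which suggests the template is an HTML fragment whose tags are not visible here. If so, the escaping belongs where each fragment is built, e.g. `output += format_html(TEMPLATE, canon["archive_org_path"], str(exists), "archive_org", icons.get("archive_org", "?"))`, with `TEMPLATE` standing for the existing fragment string. Once every interpolated value is escaped at that point, the joined result can be marked safe deliberately instead of being escaped wholesale. The rest of `snapshot_icons` lies outside this hunk, so any other `output +=` sites need the same check.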