mirror of
https://github.com/pallets-eco/flask-debugtoolbar.git
synced 2026-02-12 17:18:38 -06:00
The SQL queries were displayed with the `safe` filter, which allowed properly including the Pygments-highlighted HTML, but if Pygments wasn't installed this allowed the raw SQL to be included without escaping. This change removes the `safe` filter and instead wraps the Pygments HTML with the `Markup` class. This allows proper auto-escaping in the template.

Fixes #70
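The behaviour this commit message describes, as an added example that is not code from the flask-debugtoolbar repository: a Jinja2 template with `|safe` next to one that relies on auto-escaping plus `Markup`. The helper names, the templates and the sample query are assumptions made for illustration, and the standalone `Environment(autoescape=True)` stands in for Flask's HTML auto-escaping.

```python
from jinja2 import Environment
from markupsafe import Markup

try:  # Pygments is optional, which is the case the commit is about
    from pygments import highlight
    from pygments.formatters import HtmlFormatter
    from pygments.lexers import SqlLexer
    HAVE_PYGMENTS = True
except ImportError:
    HAVE_PYGMENTS = False

env = Environment(autoescape=True)  # assumption: mirrors Flask's HTML autoescaping
BEFORE = env.from_string("<td>{{ sql|safe }}</td>")  # escaping switched off
AFTER = env.from_string("<td>{{ sql }}</td>")        # auto-escaped unless Markup


def _highlight(query):
    # Pygments escapes the query text itself and adds only its own <span> tags.
    return highlight(query, SqlLexer(), HtmlFormatter(nowrap=True))


def format_sql_before(query, use_pygments):
    # Hypothetical helper: returns HTML or raw text; the template cannot tell which.
    return _highlight(query) if use_pygments else query


def format_sql_after(query, use_pygments):
    # Only the Pygments output is marked as trusted HTML; the fallback stays a str.
    return Markup(_highlight(query)) if use_pygments else query


def render_before(query, use_pygments=HAVE_PYGMENTS):
    return BEFORE.render(sql=format_sql_before(query, use_pygments))


def render_after(query, use_pygments=HAVE_PYGMENTS):
    return AFTER.render(sql=format_sql_after(query, use_pygments))


# Constructed sample: a logged query whose text contains HTML.
QUERY = "SELECT * FROM users WHERE name = '<b>x</b>'"

if __name__ == "__main__":
    print("before:", render_before(QUERY, use_pygments=False))
    print("after: ", render_after(QUERY, use_pygments=False))
```

With `use_pygments=False` the first template emits the `<b>` tag from the query as live markup, while the second renders it as `&lt;b&gt;`.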