mirror of
https://github.com/pallets-eco/flask-debugtoolbar.git
synced 2026-05-04 07:19:08 -05:00
7557ee6794
The SQL queries were displayed with the `safe` filter which allowed properly including the Pygments-highlighted HTML, but if Pygments wasn't installed this allowed the raw SQL to be included without escaping. This change removes the `safe` filter and instead wraps the Pygments HTML with the `Markup` class. This allows proper auto-escaping in the template. Fixes #70
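{#
  SQLAlchemy panel body: renders one table row per entry in `queries`.

  Context used per entry: duration (multiplied by 1000 for the "(ms)" column),
  signed_query (optional), context, context_long and sql.

  Escaping contract: every value below is emitted through the template
  engine's auto-escaping. This assumes auto-escaping is enabled for the
  environment that renders this template (TODO confirm in the panel setup).
  Nothing here is passed through the `safe` filter.
#}
<table>
  <thead>
    <tr>
      <th scope="col"> (ms)</th>
      <th scope="col">Action</th>
      <th scope="col">Context</th>
      <th scope="col">Query</th>
    </tr>
  </thead>
  <tbody>
    {% for query in queries %}
      <tr class="{{ loop.cycle('flDebugOdd', 'flDebugEven') }}">
        <td>{{ '%.4f'|format(query.duration * 1000) }}</td>
        <td>
          {% if query.signed_query %}
            {#
              Both query-string values are URL-encoded so the link stays well
              formed whatever characters they contain. signed_query is
              presumably an already URL-safe signed token (verify against the
              panel code), in which case urlencode leaves it unchanged. The
              parameter separator is written as &amp; because it sits inside
              an HTML attribute; the browser still sees a plain "&".
            #}
            <a class="remoteCall" href="/_debug_toolbar/views/sqlalchemy/sql_select?query={{ query.signed_query|urlencode }}&amp;duration={{ query.duration|urlencode }}">SELECT</a><br>
            <a class="remoteCall" href="/_debug_toolbar/views/sqlalchemy/sql_explain?query={{ query.signed_query|urlencode }}&amp;duration={{ query.duration|urlencode }}">EXPLAIN</a><br>
          {% endif %}
        </td>
        {# The attribute value is quoted, so auto-escaping of quotes keeps context_long inside the title. #}
        <td title="{{ query.context_long }}">
          {{ query.context }}
        </td>
        <td class="syntax">
          <div class="flDebugSqlWrap">
            {#
              Do NOT add the `safe` filter here. Highlighted SQL is expected to
              arrive already wrapped in Markup by the code that builds
              `queries`; a plain string (for example when Pygments is not
              installed) is then HTML-escaped like any other value. With
              `safe`, raw SQL text would be written into the page unescaped.
            #}
            <div class="flDebugSql">{{ query.sql }}</div>
          </div>
        </td>
      </tr>
    {% endfor %}
  </tbody>
</table>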