From 340ed59b15446db0d9276066e053373cb2a646b6 Mon Sep 17 00:00:00 2001
From: Damien Elmes <git@ichi2.net>
Date: Thu, 11 Apr 2013 14:38:31 +0900
Subject: [PATCH] escape HTML when showing errors (#828)

---
 aqt/errors.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/aqt/errors.py b/aqt/errors.py
index 7a3d7ece9..0f5d66cc7 100644
--- a/aqt/errors.py
+++ b/aqt/errors.py
@@ -4,6 +4,7 @@
 
 from aqt.qt import *
 import sys
+import cgi
 from aqt.utils import showText, showWarning
 
 class ErrorHandler(QObject):
@@ -43,7 +44,7 @@ class ErrorHandler(QObject):
         self.timer.start()
 
     def onTimeout(self):
-        error = self.pool
+        error = cgi.escape(self.pool)
         self.pool = ""
         self.mw.progress.clear()
         if "abortSchemaMod" in error: