From 29e33c9162fcc00b34d493e3a4a9f319e8966bd5 Mon Sep 17 00:00:00 2001 From: Kerstin Humm Date: Fri, 21 Mar 2025 12:35:32 +0100 Subject: [PATCH] overview: don't escape option descriptions This puts us at risk of XSS by an attacker submitting malicious option descriptions to Nixpkgs/NGIpkgs. At the same time the xml escaping fucks up some description texts, as what we'd actually need is Markdown escaping. --- overview/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overview/default.nix b/overview/default.nix index d950cb1c0..d5ab96510 100644 --- a/overview/default.nix +++ b/overview/default.nix @@ -84,7 +84,7 @@ let - +
Description:${lib.escapeXML option.description}${option.description}
Type:
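Review bot: The new Description line interpolates `${option.description}` into the generated markup with no escaping at all, and the commit message itself acknowledges that this lets anyone who gets an option description into Nixpkgs/NGIpkgs inject markup or script into the overview page. Since the stated problem is that XML escaping mangles text that is really Markdown, the change that matches that intent is to render the description from Markdown to HTML with raw HTML disabled or sanitized, rather than dropping `lib.escapeXML` outright. Until such a rendering step exists, keeping `${lib.escapeXML option.description}` costs some garbled descriptions but keeps untrusted text inert. If the unescaped form is merged anyway, a comment on this line stating that descriptions are treated as trusted HTML would keep the accepted risk visible to the next person who edits the template.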