diff --git a/evap/staff/importers/user.py b/evap/staff/importers/user.py
index d385918ba9..6ab2d5dd4b 100644
--- a/evap/staff/importers/user.py
+++ b/evap/staff/importers/user.py
@@ -6,7 +6,7 @@
from django.core.exceptions import ValidationError
from django.db import transaction
from django.db.models import Q
-from django.utils.html import format_html
+from django.utils.html import escape, format_html
from django.utils.translation import gettext as _
from django.utils.translation import ngettext
@@ -199,9 +199,9 @@ def finalize(self) -> None:
def _add_user_data_mismatch_warning(self, user: UserProfile, user_data: UserData):
if self.test_run:
- msg = format_html(_("The existing user would be overwritten with the following data:"))
+ msg = escape(_("The existing user would be overwritten with the following data:"))
else:
- msg = format_html(_("The existing user was overwritten with the following data:"))
+ msg = escape(_("The existing user was overwritten with the following data:"))
msg = (
msg
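Review bot: The two `msg = escape(...)` assignments here, and the one in `_add_user_name_collision_warning` in the next hunk, now HTML-escape the translated text, whereas the no-argument `format_html()` they replace marked the string safe without escaping it. That is the safer behaviour, because translation catalogs are no longer trusted as markup. Any locale whose translation of these messages contains entities or tags will now render them literally, so the catalogs are worth a quick check. A short comment above the first assignment would keep someone from later swapping in `mark_safe`: `# escape(), not mark_safe(): translated text must not be trusted as HTML`. The body of `_add_user_data_mismatch_warning` continues past the end of this hunk.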
@@ -227,7 +227,7 @@ def _add_user_inactive_warning(self, user: UserProfile):
self.importer_log.add_warning(msg, category=ImporterLogEntry.Category.INACTIVE)
def _add_user_name_collision_warning(self, user_data: UserData, users_with_same_names: Iterable[UserProfile]):
- msg = format_html(_("A user in the import file has the same first and last name as an existing user:"))
+ msg = escape(_("A user in the import file has the same first and last name as an existing user:"))
for user in users_with_same_names:
msg += format_html("
- {} ({})", self._create_user_string(user), _("existing"))
msg += format_html("
- {} ({})", self._create_user_string(user_data), _("import"))
diff --git a/requirements.txt b/requirements.txt
index 7fb1b3a2ab..0bb2ad2022 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
django-extensions==3.2.3
django-fsm==2.8.1
-django~=4.2.0
+django~=5.0
mozilla-django-oidc==3.0.0
openpyxl==3.1.2
psycopg2-binary==2.9.9
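Review bot: `django~=5.0` is a wider range than the `django~=4.2.0` it replaces: with two version components the compatible-release operator admits any 5.x release, where the old three-component form admitted only 4.2 patch releases. If the intent is to keep taking patch updates only, as the exact pins on the neighbouring packages suggest, `django~=5.0.0` keeps the previous policy. Otherwise a fresh install can pick up a later feature release that has not been tested against this code.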