Fix XSS js injection

cas_server/views.py

@@ -23,6 +23,7 @@ from django.views.decorators.csrf import csrf_exempt
 from django.middleware.csrf import CsrfViewMiddleware
 from django.views.generic import View
 from django.utils.encoding import python_2_unicode_compatible
+from django.utils.safestring import mark_safe
 
 import re
 import logging
@@ -181,24 +182,24 @@ class LogoutView(View, LogoutMixin):
         else:
             # build logout message depending of the number of sessions the user logs out
             if session_nb == 1:
-                logout_msg = _(
+                logout_msg = mark_safe(_(
                     "<h3>Logout successful</h3>"
                     "You have successfully logged out from the Central Authentication Service. "
                     "For security reasons, close your web browser."
-                )
+                ))
             elif session_nb > 1:
-                logout_msg = _(
+                logout_msg = mark_safe(_(
                     "<h3>Logout successful</h3>"
-                    "You have successfully logged out from %s sessions of the Central "
+                    "You have successfully logged out from %d sessions of the Central "
                     "Authentication Service. "
                     "For security reasons, close your web browser."
-                ) % session_nb
+                ) % session_nb)
             else:
-                logout_msg = _(
+                logout_msg = mark_safe(_(
                     "<h3>Logout successful</h3>"
                     "You were already logged out from the Central Authentication Service. "
                     "For security reasons, close your web browser."
-                )
+                ))
 
             # depending of settings, redirect to the login page with a logout message or display
             # the logout page. The default is to display tge logout page.