Use of calendar input as safe

While trying to add another calendar to SIPA, I found that we use the 'safe' keyword for the link. This should be validated at some point, otherwise an active member could launch a [stored XSS attack](https://en.wikipedia.org/wiki/Cross-site_scripting). [line](https://github.com/agdsn/sipa/blob/454987dfd8ca45570c2283722b69d942e78631fc/sipa/utils/__init__.py#L138), [also](https://github.com/agdsn/sipa/blob/03ac202579cc3f2855485ba16821e3f279f71f58/sipa/templates/macros/meetingcal.html#L7)

## Solution 
I suggest treading the user input as malicious and removing the rendering via passing the url to flask instate of putting Markdown into a cal entry and later converting this to html. 
so at the end the `safe` should be removed 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use of calendar input as safe #511

Solution

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Use of calendar input as safe #511

Description

Solution

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions