Escape invalid html in SQL queries.

For example, a query containing a stray ampersand needs to be escaped.

Signed-off-by: Rob Hudson <[email protected]>

Author: g2p

debug_toolbar/panels/sql.py

@@ -197,7 +197,7 @@ def process(self, stack, stream):
             is_keyword = token_type in sqlparse.tokens.Keyword
             if is_keyword:
                 yield sqlparse.tokens.Text, '<strong>'
-            yield token_type, value
+            yield token_type, django.utils.html.escape(value)
             if is_keyword:
                 yield sqlparse.tokens.Text, '</strong>'