escape row and bulk actions form value in template (#615)

Author: jowilf

starlette_admin/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "0.15.0rc3"
+__version__ = "0.15.0rc4"
 
 from ._types import ExportType as ExportType
 from ._types import RequestAction as RequestAction

starlette_admin/templates/actions.html

@@ -24,7 +24,7 @@
                data-name="{{ action.name }}"
                data-submit-btn-text="{{ action.submit_btn_text }}"
                data-submit-btn-class="{{ action.submit_btn_class }}"
-               data-form="{{ action.form }}"
+               data-form="{{ action.form |forceescape }}"
             >
                 {% if action.icon_class %}
                     <i class="{{ action.icon_class }} me-2"></i>

starlette_admin/templates/row-actions.html

@@ -15,7 +15,7 @@
         {% endif %}
         data-submit-btn-text="{{ action.submit_btn_text }}"
         data-submit-btn-class="{{ action.submit_btn_class }}"
-        data-form="{{ action.form }}"
+        data-form="{{ action.form |forceescape }}"
     {% endif %}
     data-is-row-action="true"
     data-name="{{ action.name }}"