
Fixes #10089: linkify template filter should escape object representation

jeremystretch 3 лет назад
Родитель
Сommit
c14a5973c7

+ 1 - 0
docs/release-notes/version-3.3.md

@@ -10,6 +10,7 @@
 
 * [#10040](https://github.com/netbox-community/netbox/issues/10040) - Fix exception when ordering prefixes by flat representation
 * [#10053](https://github.com/netbox-community/netbox/issues/10053) - Custom fields header should not be displayed when editing circuit terminations with no custom fields
+* [#10089](https://github.com/netbox-community/netbox/issues/10089) - `linkify` template filter should escape object representation
 
 ---
 

+ 2 - 2
netbox/utilities/templatetags/builtins/filters.py

@@ -5,7 +5,7 @@ import re
 import yaml
 from django import template
 from django.contrib.contenttypes.models import ContentType
-from django.utils.html import strip_tags
+from django.utils.html import escape
 from django.utils.safestring import mark_safe
 from markdown import markdown
 
@@ -35,7 +35,7 @@ def linkify(instance, attr=None):
     text = getattr(instance, attr) if attr is not None else str(instance)
     try:
         url = instance.get_absolute_url()
-        return mark_safe(f'<a href="{url}">{text}</a>')
+        return mark_safe(f'<a href="{url}">{escape(text)}</a>')
     except (AttributeError, TypeError):
         return text
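Review bot: On the new `return` line only `text` is escaped; `url` is still interpolated raw into the `href` attribute and the whole string is then marked safe. `get_absolute_url()` normally returns a reversed, URL-encoded path, but nothing in this function enforces that, so building the anchor with `return format_html('<a href="{}">{}</a>', url, text)` (imported from `django.utils.html` in place of `escape`) would escape both values and drop the manual `mark_safe`. The fallback `return text` in the `except` branch hands back the raw value and is safe only while the template's autoescaping applies to this filter's output; the filter registration is outside the hunk, so that is worth confirming. A regression test that renders an object whose string representation contains markup would pin the fix. The body of `linkify` starts above the hunk.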