From 8141ea87d048a68426a917436e7e582eab9d4893 Mon Sep 17 00:00:00 2001
From: Rebecca Law <rebecca.law@digital.cabinet-office.gov.uk>
Date: Tue, 26 Apr 2016 12:12:47 +0100
Subject: [PATCH] Wrap message in Markup

---
 app/main/views/invites.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/app/main/views/invites.py b/app/main/views/invites.py
index 3f5004523..fd93a0cdf 100644
--- a/app/main/views/invites.py
+++ b/app/main/views/invites.py
@@ -6,6 +6,7 @@ from flask import (
     render_template,
     abort
 )
+from markupsafe import Markup
 
 from app.main import main
 
@@ -24,14 +25,16 @@ def accept_invite(token):
     invited_user = invite_api_client.check_token(token)
 
     if not current_user.is_anonymous() and current_user.email_address != invited_user.email_address:
-        flash("""
+        message = Markup("""
             You’re signed in as {}.
             This invite is for another email address.
             {} and click the link again to accept this invite.
-        """.format(
+            """.format(
             current_user.email_address,
-            url_for("main.sign_out", _external=True)
-        ))
+            url_for("main.sign_out", _external=True)))
+
+        flash(message=message)
+
         abort(403)
 
     if invited_user.status == 'cancelled':