Ticket #2056: history_message_escaping.patch

File history_message_escaping.patch, 871 bytes (added by Chris Beaven, 18 years ago)
  • templates/admin/object_history.html

     
    2424        {% for action in action_list %}
    2525        <tr>
    2626            <th scope="row">{{ action.action_time|date:_("DATE_WITH_TIME_FULL") }}</th>
    27             <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name }} {{ action.user.last_name }}){% endif %}</td>
    28             <td>{{ action.change_message}}</td>
     27            <td>{{ action.user.username|escape }}{% if action.user.first_name %} ({{ action.user.first_name|escape }} {{ action.user.last_name|escape }}){% endif %}</td>
     28            <td>{{ action.change_message|escape }}</td>
    2929        </tr>
    3030        {% endfor %}
    3131        </tbody>
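Review bot: No test accompanies the escaping added on new lines 27 and 28, so a later edit to this row could drop one of the four `|escape` filters (username, first_name, last_name, change_message) without anyone noticing. Suggest adding a regression test that renders the object history page for a log entry whose change message and user names contain markup such as `<b>x</b>` and asserts that the output contains `&lt;b&gt;` rather than the raw tag. It is also worth checking whether any other admin template prints `action.change_message` or these user fields, since this patch only covers templates/admin/object_history.html.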