Changeset 6691
- Timestamp:
- 11/18/07 00:51:20 (1 year ago)
- Files:
django/trunk/django/contrib/admin/media/js/admin/RelatedObjectLookups.js
r5689 r6691 1 1 // Handles related-objects functionality: lookup link for raw_id_admin=True 2 2 // and Add Another links. 3 4 function html_unescape(text) { 5 // Unescape a string that was escaped using django.utils.html.escape. 6 text = text.replace(/</g, '<'); 7 text = text.replace(/>/g, '>'); 8 text = text.replace(/"/g, '"'); 9 text = text.replace(/'/g, "'"); 10 text = text.replace(/&/g, '&'); 11 return text; 12 } 3 13 4 14 function showRelatedObjectLookupPopup(triggeringLink) { … … 43 53 44 54 function dismissAddAnotherPopup(win, newId, newRepr) { 55 // newId and newRepr are expected to have previously been escaped by 56 // django.utils.html.escape. 57 newId = html_unescape(newId); 58 newRepr = html_unescape(newRepr); 45 59 var name = win.name.replace(/___/g, '.'); 46 60 var elem = document.getElementById(name); django/trunk/django/contrib/admin/views/main.py
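Review bot: After new lines 57-58, `newId` and `newRepr` hold raw markup characters again, so every later use in `dismissAddAnotherPopup` must be a text-safe sink. The rest of that function lies outside this hunk; confirm the values are only assigned as option text/value or via `.value`, and never through `innerHTML` or `document.write`. In `html_unescape`, the ampersand replacement is correctly last, but nothing says why; I would add `// Ampersand must be unescaped last, otherwise an escaped entity would be decoded twice.` above that line. As rendered on this page the regex patterns appear entity-decoded (each replace looks like a no-op), so check the committed file for the real entity patterns.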
r6675 r6691 274 274 return HttpResponseRedirect(post_url_continue % pk_value) 275 275 if "_popup" in request.POST: 276 if type(pk_value) is str: # Quote if string, so JavaScript doesn't think it's a variable. 277 pk_value = '"%s"' % pk_value.replace('"', '\\"') 278 return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, %s, "%s");</script>' % \ 279 (pk_value, force_unicode(new_object).replace('"', '\\"'))) 276 return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, "%s", "%s");</script>' % \ 277 # escape() calls force_unicode. 278 (escape(pk_value), escape(new_object))) 280 279 elif "_addanother" in request.POST: 281 280 request.user.message_set.create(message=msg + ' ' + (_("You may add another %s below.") % force_unicode(opts.verbose_name)))
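Review bot: On new lines 276-278 the values are interpolated into double-quoted JavaScript string literals after only `escape()`, which is an HTML escaper. It neutralises quotes and angle brackets but leaves backslashes and line terminators untouched, so a primary key or object representation containing either can still corrupt the literal or shift where it ends. Escape for the JavaScript-string context as well, e.g. `escape(pk_value).replace('\\', '\\\\')` plus handling for `\r` and `\n`, or use a dedicated helper such as `django.utils.html.escapejs` if this tree has it (the client-side `html_unescape` step would then need revisiting). Separately, the `% \` continuation is redundant inside the open `HttpResponse(` parenthesis and reads as fragile with a comment line between it and the argument tuple; dropping the backslash would be cleaner. The enclosing view function starts and ends outside this hunk.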
