
Changeset 6704

Timestamp:
11/19/07 19:37:16 (1 year ago)
Author:
mtredinnick
Message:

Fixed #5974 -- Added autoescaping for source code lines and local variables in
technical debug page.

Files:

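--- a/django/trunk/django/views/debug.py
+++ b/django/trunk/django/views/debug.py
@@ -423,9 +423,9 @@
             <div class="context" id="c{{ frame.id }}">
               {% if frame.pre_context %}
-                <ol start="{{ frame.pre_context_lineno }}" class="pre-context" id="pre{{ frame.id }}">{% for line in frame.pre_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line }}</li>{% endfor %}</ol>
+                <ol start="{{ frame.pre_context_lineno }}" class="pre-context" id="pre{{ frame.id }}">{% for line in frame.pre_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line|escape }}</li>{% endfor %}</ol>
               {% endif %}
-              <ol start="{{ frame.lineno }}" class="context-line"><li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ frame.context_line }} <span>...</span></li></ol>
+              <ol start="{{ frame.lineno }}" class="context-line"><li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ frame.context_line|escape }} <span>...</span></li></ol>
               {% if frame.post_context %}
-                <ol start='{{ frame.lineno|add:"1" }}' class="post-context" id="post{{ frame.id }}">{% for line in frame.post_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line }}</li>{% endfor %}</ol>
+                <ol start='{{ frame.lineno|add:"1" }}' class="post-context" id="post{{ frame.id }}">{% for line in frame.post_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line|escape }}</li>{% endfor %}</ol>
               {% endif %}
             </div>
@@ -446,6 +446,6 @@
                 {% for var in frame.vars|dictsort:"0" %}
                   <tr>
-                    <td>{{ var.0 }}</td>
-                    <td class="code"><div>{{ var.1|pprint }}</div></td>
+                    <td>{{ var.0|escape }}</td>
+                    <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
                   </tr>
                 {% endfor %}
@@ -467,5 +467,5 @@
   File "{{ frame.filename }}" in {{ frame.function }}<br/>
   {% if frame.context_line %}
-    &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line }}<br/>
+    &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line|escape }}<br/>
   {% endif %}
 {% endfor %}<br/>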
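Review bot: On line 467 of the last hunk, `{{ frame.filename }}` and `{{ frame.function }}` are still written without `|escape`, although `frame.context_line` two lines below now gets it. The explicit filters suggest autoescaping is off for this template (that setting is outside the visible hunks), so for consistency the line should read `File "{{ frame.filename|escape }}" in {{ frame.function|escape }}<br/>`. Because escaping is applied variable by variable here, every other value the debug page renders outside these hunks needs the same check. A regression test that renders a frame whose source line and a local variable contain `<` and `&`, and asserts the entity-encoded output, would pin the fix. The template continues outside all three hunks.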