Changeset 7521

Timestamp: 05/10/08 08:19:19 (6 days ago)
Author: russellm
Message:

Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.

Files:

  • django/trunk/django/contrib/admin/views/decorators.py

    r7153 r7521  
    3030    return render_to_response('admin/login.html', { 
    3131        'title': _('Log in'), 
    32         'app_path': mark_safe(request.path)
     32        'app_path': request.path
    3333        'post_data': post_data, 
    3434        'error_message': error_message
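
Review bot: The new 'app_path': request.path line has no regression test behind it, and this changeset touches only decorators.py, so nothing stops a later edit from wrapping the value in mark_safe again. Suggest adding a test that requests an admin URL whose path contains markup characters and asserts that the rendered admin/login.html shows them escaped. A one-line comment above 'app_path' saying that request.path is client-controlled and must be left to template autoescaping would also record why the wrapper was dropped.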