id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
11502	Wrong escaping in admin	Tomasz Elendt <tomasz.elendt@…>	nobody	"There are some places (I found two of them) in Django's admin where querystrings used in templates are marked as safe, which prevents them from auto-escaping. In effect there's unescaped ampersand, when there's more than one variable in querystring. It's hard for me to instruct how to reproduce this bug - IMHO the easiest way is to set your `DEFAULT_CONTENT_TYPE` to `'application/xhtml+xml'` and click through the change list page of the admin (date_hierarchy menu, paginator).

There are also some formatting issues (e.g. some very long lines) in `admin_list.py`."		closed	contrib.admin	dev		fixed		tomasz.elendt@… rlaager@…	Accepted	1	0	0	0	0	0