id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
2006	django admin doesn't quote str()-output in templates.	mhf@…	Adrian Holovaty	"When the admin site uses a models __str__()-method, it doesn't html-quote it.
For example:

    def __str__(self):
        return '%s <%s>' %(self.name, self.email)

would show up in the admin site as just the name, because my browser thinks <email> is a bad tag."	defect	new	Admin interface		minor				Unreviewed	1	0	0	0	0	0