Ticket #11502: django_escaping.diff
File django_escaping.diff, 1.6 KB (added by , 15 years ago) |
---|
-
django/contrib/admin/templatetags/admin_list.py
265 265 day_lookup = cl.params.get(day_field) 266 266 year_month_format, month_day_format = get_partial_date_formats() 267 267 268 link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))268 link = lambda d: cl.get_query_string(d, [field_generic]) 269 269 270 270 if year_lookup and month_lookup and day_lookup: 271 271 day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup)) -
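Review bot: Whether the date-hierarchy link built at line 268 is safe depends entirely on `cl.get_query_string`, which is not in this hunk. The page prints both variants of the `link` lambda at 268 with no surviving +/- marker. Reading the one without `mark_safe` as the new side, the value is left to template autoescaping, which only helps if `get_query_string` returns a plain, URL-encoded string rather than one it has already marked safe. The lookups feeding it come from `cl.params` (line 265), which looks like request data, so I would confirm that and record it next to the lambda, e.g. `# not marked safe: built from request parameters, the template must escape it`. The enclosing function starts and ends outside the hunk.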
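--- a/django/contrib/admin/widgets.py
+++ b/django/contrib/admin/widgets.py
@@ -7,6 +7,7 @@
 from django import forms
 from django.forms.widgets import RadioFieldRenderer
 from django.forms.util import flatatt
+from django.utils.html import escape
 from django.utils.text import truncate_words
 from django.utils.translation import ugettext as _
 from django.utils.safestring import mark_safe
@@ -148,7 +149,7 @@
     def label_for_value(self, value):
         key = self.rel.get_related_field().name
         obj = self.rel.to._default_manager.get(**{key: value})
-        return ' <strong>%s</strong>' % truncate_words(obj, 14)
+        return ' <strong>%s</strong>' % escape(truncate_words(obj, 14))
 
 class ManyToManyRawIdWidget(ForeignKeyRawIdWidget):
     """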
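Review bot: `label_for_value` (new line 152) now returns markup with its dynamic part escaped, but nothing on the method says the result is an HTML fragment, and the caller that embeds it is not in this hunk. If that caller escapes the string again, the `<strong>` tags will be shown literally. If it instead concatenates the label and calls `mark_safe` (imported at the top of the file), this `escape` is the only thing between an object's text representation and the rendered page. A one-line docstring would pin the contract down: `"""Return an HTML label for value; the object's text is escaped here."""`. A regression test using an object whose text contains `<` and `&` would keep the escaping from being dropped later. The class around the method begins outside the hunk.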