Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#10717 closed (fixed)

{% admin_media_prefix %} needs escaping

Reported by: liangent Owned by: SmileyChris
Component: contrib.admin Version: 1.0
Severity: Keywords: liangent@gmail.com
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

in case that there are special symbols such as quotes in it.

Attachments (1)

10717.diff (642 bytes) - added by SmileyChris 6 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 6 years ago by liangent

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

i think {% url %} also needs this, but i didn't check code to make sure if {% url %} already has it.

comment:2 Changed 6 years ago by SmileyChris

No, {% url %} handles it fine (it uses reverse which in-turn uses iri_to_uri)

Changed 6 years ago by SmileyChris

comment:3 Changed 6 years ago by SmileyChris

  • Owner changed from nobody to SmileyChris
  • Status changed from new to assigned

comment:4 Changed 6 years ago by SmileyChris

  • Has patch set
  • Triage Stage changed from Unreviewed to Ready for checkin

comment:5 Changed 6 years ago by jezdez

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [12140]) Fixed #10717 - Escape result of admin_media_prefix template tag.

comment:6 Changed 6 years ago by jezdez

(In [12239]) [1.1.X] Fixed #10717 - Escape result of admin_media_prefix template tag.

Note: See TracTickets for help on using tickets.
Back to Top