Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#10717 closed (fixed)

{% admin_media_prefix %} needs escaping

Reported by: liangent Owned by: Chris Beaven
Component: contrib.admin Version: 1.0
Severity: Keywords: liangent@gmail.com
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

in case that there are special symbols such as quotes in it.

Attachments (1)

10717.diff (642 bytes) - added by Chris Beaven 8 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 8 years ago by liangent

i think {% url %} also needs this, but i didn't check code to make sure if {% url %} already has it.

comment:2 Changed 8 years ago by Chris Beaven

No, {% url %} handles it fine (it uses reverse which in-turn uses iri_to_uri)

Changed 8 years ago by Chris Beaven

Attachment: 10717.diff added

comment:3 Changed 8 years ago by Chris Beaven

Owner: changed from nobody to Chris Beaven
Status: newassigned

comment:4 Changed 8 years ago by Chris Beaven

Has patch: set
Triage Stage: UnreviewedReady for checkin

comment:5 Changed 7 years ago by Jannis Leidel

Resolution: fixed
Status: assignedclosed

(In [12140]) Fixed #10717 - Escape result of admin_media_prefix template tag.

comment:6 Changed 7 years ago by Jannis Leidel

(In [12239]) [1.1.X] Fixed #10717 - Escape result of admin_media_prefix template tag.

Note: See TracTickets for help on using tickets.
Back to Top