Opened 16 years ago
Closed 16 years ago
#11502 closed (fixed)
Wrong escaping in admin
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.admin | Version: | dev |
| Severity: | Keywords: | ||
| Cc: | tomasz.elendt@…, rlaager@… | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description ¶
There are some places (I found two of them) in Django's admin where querystrings used in templates are marked as safe, which prevents them from auto-escaping. In effect there's unescaped ampersand, when there's more than one variable in querystring. It's hard for me to instruct how to reproduce this bug - IMHO the easiest way is to set your DEFAULT_CONTENT_TYPE to 'application/xhtml+xml' and click through the change list page of the admin (date_hierarchy menu, paginator).
There are also some formatting issues (e.g. some very long lines) in admin_list.py.
Change History (7)
by , 16 years ago
| Attachment: | admin_querysting_escaping.diff added |
|---|
by , 16 years ago
| Attachment: | admin_escaping.diff added |
|---|
comment:1 by , 16 years ago
| Cc: | added |
|---|
comment:2 by , 16 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:3 by , 16 years ago
comment:4 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Pulled changes from #11583