Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#11583 closed (duplicate)

Incomplete HTML Escaping

Reported by: rlaager@…
Owned by: nobody
Component: Uncategorized
Version: 1.0
Severity:
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: yes
Easy pickings:
UI/UX:

Description

The attached patch addresses two cases of incomplete HTML escaping.

Attachments (1)

11583-escaping.diff (1.5 KB) - added by rlaager@… 6 years ago.


Change History (7)

Changed 6 years ago by rlaager@…

comment:1 Changed 6 years ago by anonymous

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

The change in templatetags/admin_list.py corrects escaping in the pagination. It wasn't escaping the ampersand if you had a filter applied. The change to widgets.py addresses a case where I had a raw_id_field with a related model having a unicode representation that included an ampersand.
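Added example, not part of the ticket or the attached patch: the two cases described in comment 1 (a pagination link that carries an active filter, and a related-object label containing an ampersand) rendered with and without escaping, plus a small check that reports unescaped ampersands in the output. The function names, the filter parameter and the label text are constructed for illustration and are not Django's own code.

```python
import re
from html import escape
from urllib.parse import urlencode

# "&" that does not start a character reference (&name; &#123; &#x1F;)
BARE_AMP = re.compile(r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)")


def bare_ampersands(markup):
    """Return the offsets of every unescaped "&" in a piece of HTML."""
    return [m.start() for m in BARE_AMP.finditer(markup)]


def page_link(filters, page, escape_output):
    """Hypothetical pagination link that keeps the active filter in the query string."""
    # With a filter applied the query string has two parameters, hence an "&".
    query = "?" + urlencode({**filters, "p": page})
    href = escape(query) if escape_output else query
    return '<a href="%s">%d</a>' % (href, page + 1)


def related_label(text, escape_output):
    """Hypothetical label shown next to a raw-id input: the related object's string form."""
    body = escape(text) if escape_output else text
    return "<strong>%s</strong>" % body


# Constructed sample data (assumptions, not taken from the ticket)
FILTERS = {"is_staff__exact": "1"}
LABEL = "Smith & Sons"

if __name__ == "__main__":
    for safe in (False, True):
        for markup in (page_link(FILTERS, 1, safe), related_label(LABEL, safe)):
            print("escaped" if safe else "raw    ", bare_ampersands(markup), markup)
```
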

comment:2 Changed 6 years ago by russellm

  • Patch needs improvement set

Could you please generate patches relative to the root of the Django source tree - as it is, we have to try and work out where this patch applies.

comment:3 follow-up: Changed 6 years ago by anonymous

First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.

comment:4 Changed 6 years ago by Tomasz Elendt <tomasz.elendt@…>

Ok. I also pulled the second change (in widgets.py) to my patch.

comment:5 in reply to: ↑ 3 ; follow-up: Changed 6 years ago by kmtracey

  • Resolution set to duplicate
  • Status changed from new to closed

Replying to anonymous:

> First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.

No, it's not correct -- the diff isn't from the root of the django tree. The first file here is listed simply as "templatetags/admin_list.py", but there is no "templatetags" directory in the root of the django tree, so whoever goes to apply the patch has to find the right place within the django tree (presumably django/contrib/admin) to apply the diff. It's better if the person applying the patch doesn't have to guess where it goes.

As the fix here is now entirely duplicated by the latest patch for #11502, which is relative to django root, I'm closing this one in favor of that one.

comment:6 in reply to: ↑ 5 Changed 6 years ago by Tomasz Elendt <tomasz.elendt@…>

Replying to kmtracey:

> Replying to anonymous:
>
> > First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.
>
> No, it's not correct -- the diff isn't from the root of the django tree. The first file here is listed simply as "templatetags/admin_list.py", but there is no "templatetags" directory in the root of the django tree, so whoever goes to apply the patch has to find the right place within the django tree (presumably django/contrib/admin) to apply the diff. It's better if the person applying the patch doesn't have to guess where it goes.
>
> As the fix here is now entirely duplicated by the latest patch for #11502, which is relative to django root, I'm closing this one in favor of that one.

Sorry, that was me in comment no. 3 — I forgot to sign my name. And I was thinking about my patch (in ticket #11502).
