Opened 15 years ago

Closed 15 years ago

Last modified 15 years ago

#11583 closed (duplicate)

Incomplete HTML Escaping

Reported by: rlaager@… Owned by: nobody
Component: Uncategorized Version: 1.0
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

The attached patch addresses two cases of incomplete HTML escaping.

Attachments (1)

11583-escaping.diff (1.5 KB ) - added by rlaager@… 15 years ago.

Download all attachments as: .zip

Change History (7)

by rlaager@…, 15 years ago

Attachment: 11583-escaping.diff added

comment:1 by anonymous, 15 years ago

The change in templatetags/admin_list.py corrects escaping in the pagination. It wasn't escaping the ampersand if you had a filter applied. The change to widgets.py addresses a case where I had a raw_id_field with a related model having a unicode representation that included an ampersand.

comment:2 by Russell Keith-Magee, 15 years ago

Patch needs improvement: set

Could you please generate patches relative to the root of the Django source tree - as it is, we have to try and work out where this patch applies.

comment:3 by anonymous, 15 years ago

First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.

comment:4 by Tomasz Elendt <tomasz.elendt@…>, 15 years ago

Ok. I also pulled the second change (in widgets.py) to my patch.

in reply to:  3 ; comment:5 by Karen Tracey, 15 years ago

Resolution: duplicate
Status: newclosed

Replying to anonymous:

First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.

No, it's not correct -- the diff isn't from the root of the django tree. The first file here is listed simply as "templatetags/admin_list.py", but there is no "templatetags" directory in the root of the django tree, so whoever goes to apply the patch has to find the right place within the django tree (presumably django/contrib/admin) to apply the diff. It's better if the person applying the patch doesn't have to guess where it goes.

As the fix here is now entirely duplicated by the latest patch for #11502, which is relative to django root, I'm closing this one in favor of that one.

in reply to:  5 comment:6 by Tomasz Elendt <tomasz.elendt@…>, 15 years ago

Replying to kmtracey:

Replying to anonymous:

First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.

No, it's not correct -- the diff isn't from the root of the django tree. The first file here is listed simply as "templatetags/admin_list.py", but there is no "templatetags" directory in the root of the django tree, so whoever goes to apply the patch has to find the right place within the django tree (presumably django/contrib/admin) to apply the diff. It's better if the person applying the patch doesn't have to guess where it goes.

As the fix here is now entirely duplicated by the latest patch for #11502, which is relative to django root, I'm closing this one in favor of that one.

Sorry, that was me in comment no. 3 — I forgot to sign my name. And I was thinking about my patch (in ticket #11502).

Note: See TracTickets for help on using tickets.
Back to Top