#11583 closed (duplicate)
Incomplete HTML Escaping
Reported by: | | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 1.0 |
Severity: | | Keywords: | |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
The attached patch addresses two cases of incomplete HTML escaping.
Attachments (1)
Change History (7)
by , 15 years ago
Attachment: | 11583-escaping.diff added |
---|
comment:1 by , 15 years ago
comment:2 by , 15 years ago
Patch needs improvement: | set |
---|
Could you please generate patches relative to the root of the Django source tree - as it is, we have to try and work out where this patch applies.
follow-up: 5 comment:3 by , 15 years ago
First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.
follow-up: 6 comment:5 by , 15 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Replying to anonymous:
> First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.

No, it's not correct -- the diff isn't from the root of the django tree. The first file here is listed simply as "templatetags/admin_list.py", but there is no "templatetags" directory in the root of the django tree, so whoever goes to apply the patch has to find the right place within the django tree (presumably django/contrib/admin) to apply the diff. It's better if the person applying the patch doesn't have to guess where it goes.
As the fix here is now entirely duplicated by the latest patch for #11502, which is relative to django root, I'm closing this one in favor of that one.
comment:6 by , 15 years ago
Replying to kmtracey:
> Replying to anonymous:
> > First change in admin_list.py is the same as one of mine in #11502. I believe I made my patch correctly.
>
> No, it's not correct -- the diff isn't from the root of the django tree. The first file here is listed simply as "templatetags/admin_list.py", but there is no "templatetags" directory in the root of the django tree, so whoever goes to apply the patch has to find the right place within the django tree (presumably django/contrib/admin) to apply the diff. It's better if the person applying the patch doesn't have to guess where it goes.
>
> As the fix here is now entirely duplicated by the latest patch for #11502, which is relative to django root, I'm closing this one in favor of that one.

Sorry, that was me in comment no. 3 — I forgot to sign my name. And I was thinking about my patch (in ticket #11502).
The change in templatetags/admin_list.py corrects escaping in the pagination. It wasn't escaping the ampersand if you had a filter applied. The change to widgets.py addresses a case where I had a raw_id_field with a related model having a unicode representation that included an ampersand.
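
The two cases described in comment 6, as an added illustration that is not the attached patch and not Django's code: a pagination link built from a filter query string, and a related object's text shown next to a raw-id input, each rendered without and with HTML escaping, plus a check for bare ampersands in the output. The function names, the `p` page parameter, the `<strong>` wrapper and the sample values are assumptions made for the example; only the Python standard library is used.

```python
import re
from html import escape
from urllib.parse import urlencode

# "&" that does not begin a character reference such as &amp; or &#38;
BARE_AMP = re.compile(r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)")


def page_link(params, page, escape_href):
    """Build one pagination link; "p" as the page parameter is an assumption."""
    query = urlencode({**params, "p": page})
    if escape_href:
        query = escape(query, quote=True)  # "&" between parameters becomes "&amp;"
    return '<a href="?%s">%d</a>' % (query, page + 1)


def related_label(text, escape_text):
    """Render a related object's text representation next to a raw-id input."""
    if escape_text:
        text = escape(text)
    return "<strong>%s</strong>" % text


def bare_ampersands(markup):
    """Offsets of unescaped "&" in rendered markup, for use in a template test."""
    return [m.start() for m in BARE_AMP.finditer(markup)]


if __name__ == "__main__":
    filters = {"is_staff__exact": "1"}  # constructed filter
    label = "Smith & Sons"              # constructed object representation
    for fixed in (False, True):
        for markup in (page_link(filters, 2, fixed), related_label(label, fixed)):
            print(fixed, bare_ampersands(markup), markup)
```

With no filter applied the query string has a single parameter and no separator, so a test that only renders the unfiltered list never exercises the unescaped link.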