ClearableFileInput widget doesn't encode values when render HTML
|Reported by:||e.generalov||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When I upload a file with name "
then I see model change form with link like to "something.jpg".
And when I click to the "jpg" then I see "oops" alert.
There is a bug in the ClearableFileInput render method. It doesn't encodes FileField properties (name and url) when writes HTML.
It could be dangerous for sites where users can to upload files and administrators manages them with admin interface.