Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#1706 closed defect (duplicate)

Admin interface munging overquoted data

Reported by: brendan.mcadams@… Owned by: adrian
Component: contrib.admin Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Creating a new django object, etc on top of MySQL and adding a row with the following column:
Rejecting file due to 'Unable to retrieve XML-RPC Data for loan: '<Fault 103: 'unknown loan'>'.'

Django puts it into the database correctly, and a select shows the correct data.

However running the admin interface seems to munge that data... The actual HTML output is:

<td>Rejecting file 00001781.txt due to 'Unable to retrieve XML-RPC Data for loan 302486992: '<Fault 103: 'unknown loan'>'.' </td>

One can assume that it's trying to safely drop what it sees as an 'invalid html tag'... But it seems that dropping valid display data may be undesired behavior. Escaping HTML characters or something similar might be a better output.

Change History (3)

comment:1 Changed 9 years ago by brendan.mcadams@…

Note: It's not the quotes. It appears anything inside < & > was stripped out. If i replace the data field <'s & >'s with [ & ] it works ok.

for now i'm doing a .replace in python but wondering if it's possible to fix admin ...

comment:2 Changed 9 years ago by ubernostrum

Unless Trac has munged it as well, the data you say is being output looks identical to the data you say is going in. If you may have characters which need to be escaped for HTML output, escape it on the way into the database, or use the 'escape' template filter on output.

comment:3 Changed 9 years ago by mtredinnick

  • Resolution set to duplicate
  • Status changed from new to closed

This looks like an escaping bug in the admin interface. That is being handled in #2359.

Note: See TracTickets for help on using tickets.
Back to Top