#1706 closed defect (duplicate)
Admin interface munging overquoted data
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | contrib.admin | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Creating a new django object, etc on top of MySQL and adding a row with the following column:
Rejecting file due to 'Unable to retrieve XML-RPC Data for loan: '<Fault 103: 'unknown loan'>'.'
Django puts it into the database correctly, and a select shows the correct data.
However running the admin interface seems to munge that data... The actual HTML output is:
<td>Rejecting file 00001781.txt due to 'Unable to retrieve XML-RPC Data for loan 302486992: '<Fault 103: 'unknown loan'>'.' </td>
One can assume that it's trying to safely drop what it sees as an 'invalid html tag'... But it seems that dropping valid display data may be undesired behavior. Escaping HTML characters or something similar might be a better output.
Change History (3)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
Unless Trac has munged it as well, the data you say is being output looks identical to the data you say is going in. If you may have characters which need to be escaped for HTML output, escape it on the way into the database, or use the 'escape' template filter on output.
comment:3 by , 18 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
This looks like an escaping bug in the admin interface. That is being handled in #2359.
Note: It's not the quotes. It appears anything inside < & > was stripped out. If i replace the data field <'s & >'s with [ & ] it works ok.
for now i'm doing a .replace in python but wondering if it's possible to fix admin ...