Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#1706 closed defect (duplicate)

Admin interface munging overquoted data

Reported by: brendan.mcadams@… Owned by: Adrian Holovaty
Component: contrib.admin Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Creating a new django object, etc on top of MySQL and adding a row with the following column:
Rejecting file due to 'Unable to retrieve XML-RPC Data for loan: '<Fault 103: 'unknown loan'>'.'

Django puts it into the database correctly, and a select shows the correct data.

However running the admin interface seems to munge that data... The actual HTML output is:

<td>Rejecting file 00001781.txt due to 'Unable to retrieve XML-RPC Data for loan 302486992: '<Fault 103: 'unknown loan'>'.' </td>

One can assume that it's trying to safely drop what it sees as an 'invalid html tag'... But it seems that dropping valid display data may be undesired behavior. Escaping HTML characters or something similar might be a better output.

Change History (3)

comment:1 Changed 13 years ago by brendan.mcadams@…

Note: It's not the quotes. It appears anything inside < & > was stripped out. If i replace the data field <'s & >'s with [ & ] it works ok.

for now i'm doing a .replace in python but wondering if it's possible to fix admin ...

comment:2 Changed 13 years ago by James Bennett

Unless Trac has munged it as well, the data you say is being output looks identical to the data you say is going in. If you may have characters which need to be escaped for HTML output, escape it on the way into the database, or use the 'escape' template filter on output.

comment:3 Changed 13 years ago by Malcolm Tredinnick

Resolution: duplicate
Status: newclosed

This looks like an escaping bug in the admin interface. That is being handled in #2359.

Note: See TracTickets for help on using tickets.
Back to Top