Escaping in the startproject command
|Reported by:||mjtamlyn||Owned by:||nobody|
|Component:||Core (Management commands)||Version:||master|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||yes||Patch needs improvement:||no|
The startproject command uses the template language, and seems to be html-escaping various things. For example aviraldg reported on IRC getting a SECRET_KEY with several instances of & in the middle of the string.
In this context it's harmless, but it may break other places where & or < are legitimate characters. We should probably render the whole template with escaping disabled.
Change History (3)
comment:1 Changed 4 years ago by aaugustin
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted