Opened 13 years ago
Closed 13 years ago
#18634 closed Bug (fixed)
Escaping in the startproject command
| Reported by: | Marc Tamlyn | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Management commands) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Florian Apolloner | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The startproject command uses the template language, and seems to be html-escaping various things. For example aviraldg reported on IRC getting a SECRET_KEY with several instances of &amp; in the middle of the string.
In this context it's harmless, but it may break other places where & or < are legitimate characters. We should probably render the whole template with escaping disabled.
Change History (3)
comment:1 by , 13 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|---|
comment:2 by , 13 years ago
| Has patch: | set |
|---|---|
| Needs tests: | set |
comment:3 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
See Pull Request here: https://github.com/django/django/pull/214