id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 2148,[patch] ForeignKey fields not escaped correctly in django admin,rushman@…,Adrian Holovaty,"Steps to reproduce: {{{ 1. two models m1 and m2 2. m2 has foreign key to m1 and this key in list_display set 3. m1 __str__ returns '' when you will open list of m2 objects in django admin - you should get some alerts. }}} Since this is security hole i'm setting severity to 'major'.",defect,closed,contrib.admin,dev,major,fixed,,Sergey Kirillov ,Unreviewed,1,0,0,0,0,0