id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
2148,[patch] ForeignKey fields not escaped correctly in django admin,rushman@…,Adrian Holovaty,"Steps to reproduce:
{{{
1. two models m1 and m2
2. m2 has foreign key to m1 and this key in list_display set
3. m1 __str__ returns ''
when you will open list of m2 objects in django admin - you should get some alerts.
}}}
Since this is security hole i'm setting severity to 'major'.",defect,closed,contrib.admin,dev,major,fixed,,Sergey Kirillov ,Unreviewed,1,0,0,0,0,0