Opened 18 years ago
Closed 18 years ago
#2290 closed defect (fixed)
HTML not escaped in Admin messages
| Reported by: | anonymous | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | contrib.admin | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Messages in the Admin interface (e.g. "The --- was changed successfully") are not HTML escaped. Line 33 of contrib\admin\templates\admin\base.html should be as follows:
<ul class="messagelist">{% for message in messages %}<li>{{ message|escape }}</li>{% endfor %}</ul>
Sean :)
Change History (3)
comment:1 by , 18 years ago
| priority: | high → normal |
|---|---|
| Severity: | major → normal |
comment:3 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Looks like this is a superset of #2056, which didn't entirely fix the problem.