id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 2290 HTML not escaped in Admin messages anonymous Adrian Holovaty "Messages in the Admin interface (e.g. ""The --- was changed successfully"") are not HTML escaped. Line 33 of contrib\admin\templates\admin\base.html should be as follows: {{{ }}} Sean :)" defect closed contrib.admin normal fixed Unreviewed 0 0 0 0 0 0