Opened 13 years ago

Closed 13 years ago

#2344 closed defect (fixed)

[patch] admin's delete_confirmation.html template needs to escape {{ object }}

Reported by: Gary Wilson <gary.wilson@…> Owned by: Adrian Holovaty
Component: contrib.admin Version:
Severity: major Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


object's string representation can contain html.

Attachments (1)

delete_confirmation.html.diff (1.4 KB) - added by Gary Wilson <gary.wilson@…> 13 years ago.

Download all attachments as: .zip

Change History (2)

Changed 13 years ago by Gary Wilson <gary.wilson@…>

comment:1 Changed 13 years ago by Malcolm Tredinnick

Resolution: fixed
Status: newclosed

(In [3339]) Fixed #2344 -- Filtered some object string representations through the escape

Note: See TracTickets for help on using tickets.
Back to Top