Opened 18 years ago
Closed 18 years ago
#2344 closed defect (fixed)
[patch] admin's delete_confirmation.html template needs to escape {{ object }}
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | contrib.admin | Version: | |
| Severity: | major | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
object's string representation can contain html.
Attachments (1)
Change History (2)
by , 18 years ago
| Attachment: | delete_confirmation.html.diff added |
|---|
comment:1 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
(In [3339]) Fixed #2344 -- Filtered some object string representations through the escape
filter.