id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23544	Escape backtick	djbug	nobody	"IE8 can suffer from XSS if a backtick is left unescaped, as it can be used to switch out of the attribute. It should be added in `django.utils.html.escape()` if this is a serious security issue.

Source & related discussions: 

1. Paper by Mario Heiderich: https://cure53.de/fp170.pdf
2. https://html5sec.org/#102
3. http://lcamtuf.coredump.cx/postxss/
"	Bug	closed	Uncategorized	dev	Normal	wontfix	xss		Unreviewed	0	0	0	0	0	0
