Opened 5 years ago

Closed 5 years ago

#24466 closed Cleanup/optimization (fixed)

Improve consistency of JavaScript escaping in the admin

Reported by: Tim Graham
Owned by: Tim Graham
Component: contrib.admin
Version: master
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Escaping of values inserted into JavaScript code should always be done in the template rather than in the view (since context values could be reused in a template outside of JavaScript where JS escaping isn't desired). Some values like model verbose_name aren't currently escaped and it wouldn't hurt to add escaping there.
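
The point made in the description, as an added example that is not part of the ticket or of Django's code: one context value is rendered in both an HTML and a JavaScript context, first escaped at the point of output and then escaped once in the view. `js_escape` is a simplified stand-in for a template-level JavaScript escaping filter, and `render`, `render_view_escaped` and the sample value are constructed for illustration.

```python
import html

# Characters that can terminate a JS string literal or a <script> block.
# Simplified stand-in for a template-level JS escaping filter (assumption).
_JS_UNSAFE = set("\\'\"<>&=-;`\u2028\u2029")

def js_escape(value):
    """Escape text for use inside a quoted JavaScript string literal."""
    return "".join(
        "\\u%04X" % ord(ch) if ch in _JS_UNSAFE or ord(ch) < 32 else ch
        for ch in str(value)
    )

def render(context):
    """Hypothetical template: the same context value in two output contexts,
    each escaped at the point of output."""
    name = context["verbose_name"]
    return (
        "<h1>Add %s</h1>\n" % html.escape(name)
        + "<script>var label = '%s';</script>" % js_escape(name)
    )

def render_view_escaped(context):
    """Anti-pattern: the view already JS-escaped the value, and the template
    reuses it in HTML, where the \\uXXXX sequences show up as literal text."""
    name = js_escape(context["verbose_name"])  # done in the "view"
    return (
        "<h1>Add %s</h1>\n" % html.escape(name)
        + "<script>var label = '%s';</script>" % name
    )

# Constructed sample: a verbose_name containing a quote and a closing tag.
SAMPLE = {"verbose_name": "reader's </script> note"}

if __name__ == "__main__":
    print(render(SAMPLE))
    print(render_view_escaped(SAMPLE))
```

With escaping done at output, the heading shows the name as written and the script block contains no raw quote or closing tag; with view-side escaping, the heading shows the `\u0027` sequences verbatim.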

Change History (2)

comment:1 Changed 5 years ago by Tim Graham

comment:2 Changed 5 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: new → closed

In 845817b:

Fixed #24466 -- Added JavaScript escaping in a couple places in the admin.

Thanks Aymeric Augustin and Florian Apolloner for work on the patch.
