Opened 17 years ago
Closed 17 years ago
#3078 closed defect (fixed)
newforms: <label>s for Form.as_table() and Form.as_ul() should be escaped
| Reported by: | Chris Beaven | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Core (Other) | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
All references to bf.label_tag(bf.verbose_name+':') should be bf.label_tag(escape(bf.verbose_name)+':')
Note:
See TracTickets
for help on using tickets.
(In [4133]) Fixed #3078 -- newforms: Added HTML escaping to label_tag() calls. Thanks, SmileyChris