Changes between Initial Version and Version 1 of Ticket #36733
- Timestamp: Nov 14, 2025, 3:46:21 PM (4 hours ago)
Ticket #36733
- Property Severity Normal → Release blocker
- Property Triage Stage Unreviewed → Accepted
- Property Summary Fix unescape attributes in Stylesheet.__str__ → Fix unescaped attributes in Stylesheet.__str__
Ticket #36733 – Description
- Line 1, initial (removed): ,,This was originally reported by Mustafa Barakat as a security issue but was deemed low-risk enough to be tracked publicly.,,
- Line 1, v1 (added): ,,This was originally reported by Mustafa Barakat as a potential security issue but no vulnerability was identified, hence tracking this publicly,,
- Line 3 (unmodified): The `django.utils.feedgenerator.Stylesheet` class (introduced in #12978) has a `__str__` method which is used when outputting a `<?xml-stylesheet ... ?>`. The method uses f-strings with three different attributes: `url`, `mimetype`, and `media`.
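
The f-string pattern named in the description, shown beside an escaped variant. This is an added stand-alone sketch, not Django's source code and not part of the ticket. The function names, the `href`/`type` pseudo-attribute names, the processing-instruction wrapper and the sample values are all assumptions made for illustration.

```python
import re
from xml.sax.saxutils import escape

# escape() handles &, < and > by default; the double quote is added here
# because every value is emitted inside a double-quoted pseudo-attribute.
QUOTE = {'"': "&quot;"}

def _pairs(url, mimetype, media):
    """Return (name, value) pairs, skipping optional values that are None."""
    pairs = [("href", url)]
    if mimetype is not None:
        pairs.append(("type", mimetype))
    if media is not None:
        pairs.append(("media", media))
    return pairs

def render_unescaped(url, mimetype=None, media=None):
    """Interpolate the values directly with f-strings, as the ticket describes."""
    parts = [f'{name}="{value}"' for name, value in _pairs(url, mimetype, media)]
    return "<?xml-stylesheet " + " ".join(parts) + "?>"

def render_escaped(url, mimetype=None, media=None):
    """Same output shape, but each value is XML-escaped before interpolation."""
    parts = []
    for name, value in _pairs(url, mimetype, media):
        safe = escape(str(value), QUOTE)
        parts.append(f'{name}="{safe}"')
    return "<?xml-stylesheet " + " ".join(parts) + "?>"

def pseudo_attr_names(pi):
    """List the name="..." pseudo-attributes a consumer would see in the output."""
    return re.findall(r'([\w-]+)="[^"]*"', pi)

# Constructed sample values (not taken from the ticket).
URL = "/static/feed.xsl?v=1&theme=dark"
MIMETYPE = "text/xsl"
MEDIA = 'screen" title="constructed'

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        out = render(URL, MIMETYPE, MEDIA)
        print(render.__name__, out, pseudo_attr_names(out), sep="\n  ")
```

With the constructed `MEDIA` value, the unescaped output carries a fourth pseudo-attribute that was never passed as one, while the escaped output keeps exactly three and turns a literal `?>` inside a value into `?&gt;`.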