id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
6101	Seeing &quot;, etc. in admin list of related object to be deleted	Karen Tracey <kmtracey@…>	anonymous	"I'm seeing &quot;, etc. in the admin list of related objects to be deleted, when the related objects are edited inline and therefore do not have an associated link:

{{{

Are you sure you want to delete the puzzles ""NYT Sat 2007-11-17""? All of the following related items will be deleted:

    * Puzzles: NYT Sat 2007-11-17
          o Clues: CAMPHOROIL: Liniment ingredient
          o Clues: MITA: Certain copier
          o Clues: UNITARIANS: Presidents Adams, Fillmore and Taft
          o Clues: APIN: &quot;... on the head of ____?&quot;

}}}

It looks like there's a missing mark_safe around where these items are created (after the object representation has been escaped) on line 57 here:

http://code.djangoproject.com/browser/django/branches/newforms-admin/django/contrib/admin/util.py#L57

I think it should be: 

nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj))), []])

Making this change gets rid of the &quot;s I see in my list of related items to be deleted -- they display as quotes.

Hmm, I just noticed a few lines up (line 41) in the code for the !OneToOne case that there seems to be a missing escape around sub_obj:

http://code.djangoproject.com/browser/django/branches/newforms-admin/django/contrib/admin/util.py#L41

Shouldn't that also be:

nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj))), []])

?"		closed	contrib.admin	newforms-admin		fixed	autoescape nfa-someday		Accepted	0	0	0	0	0	0