3 files changed +4
-3
lines changed
@@ -63,7 +63,7 @@ <h1 class="section-title">
6363 < div class ="clearfix "> </ div >
6464</ div >
6565{% if search_query %}
66- < p > {% trans %}users matching query {{search_query}}:{% endtrans %}</ p >
66+ < p > {% trans search_query=search_query|escape %}users matching query {{search_query}}:{% endtrans %}</ p >
6767{% endif %}
6868{% if not users.object_list %}
6969 < p > < span > {% trans %}Nothing found.{% endtrans %}</ span > </ p >
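Review bot: The escape added on line 66 covers only this one `{% trans %}` block, and nothing in the template records why it is there, so a later edit could drop the filter or copy the unescaped form into another string. The need for an explicit `|escape` suggests autoescaping is not active for this template (inferred, not visible in the hunk). If so, any other place that prints `search_query` outside these lines needs the same treatment. I would add a template comment above the `<p>`, for example `{# search_query is request input; escape it explicitly in every trans block #}`.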
33import datetime
44from django .utils .translation import ugettext as _
55from django .utils .translation import ungettext
6+ from django .utils .html import escape
67
78def get_from_dict_or_object (source , key ):
89 try :
@@ -158,7 +159,7 @@ def setup_paginator(context):
158159 next_page_number = None
159160
160161 return {
161- "base_url" : context ["base_url" ],
162+ "base_url" : escape ( context ["base_url" ]) ,
162163 "is_paginated" : context ["is_paginated" ],
163164 "previous" : previous_page_number ,
164165 "has_previous" : page_object .has_previous (),
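Review bot: `base_url` is now HTML-escaped inside the dict returned by `setup_paginator` (new line 162) while every other key stays raw, and no comment records that, so the value's encoding is only correct where it is written straight into HTML. If a template later applies `|escape` to it, or autoescaping is switched on, an `&` in the query string would probably be rendered as `&amp;amp;`. Either escape at the point of output in the paginator template, or keep this and add `# HTML-escaped here: the paginator template writes base_url into href attributes as-is` above the key. The template is not visible, so confirm that is what it does. The function starts and ends outside the hunk.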
@@ -699,7 +699,7 @@ def subscribe_for_tags(request):
699699 else :
700700 message = _ (
701701 'Tag subscription was canceled (<a href="%(url)s">undo</a>).'
702- ) % {'url' : request .path + '?tags=' + request .REQUEST ['tags' ]}
702+ ) % {'url' : escape ( request .path ) + '?tags=' + request .REQUEST ['tags' ]}
703703 request .user .message_set .create (message = message )
704704 return HttpResponseRedirect (reverse ('index' ))
705705 else :
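Review bot: On new line 702 only `request.path` goes through `escape()`; `request.REQUEST['tags']` is still appended raw to a URL that is substituted into `<a href="%(url)s">`. The request-controlled value therefore reaches the HTML message unescaped, and it is also not encoded as a query value. Encode the parameter and escape the finished URL instead: `) % {'url': escape(request.path + '?' + urlencode({'tags': request.REQUEST['tags']}))}`, with `urlencode` taken from `django.utils.http`. This assumes the message is rendered as HTML, which the anchor markup implies but the hunk does not show. `subscribe_for_tags` begins and ends outside the hunk.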