The "first" filter can return an unsafe string for safe input ( {{"&lt;"|first}} ), so change is_safe to False. Refs #5567.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 1f6bc7ffa774ee7f00ed58f62477be64c1e0451e 1 parent 3d52ce7
@malcolmt malcolmt authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/template/defaultfilters.py
2  django/template/defaultfilters.py
@@ -433,7 +433,7 @@ def first(value):
return value[0]
except IndexError:
return u''
-first.is_safe = True
+first.is_safe = False
def join(value, arg):
"""Joins a list with a string, like Python's ``str.join(list)``."""