Skip to content
Browse files

Removed mark_safe from the saved request path on the admin login form…

…. This prevents a potential XSS attack. Formal announcement will be forthcoming.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 4880ba3 commit 41635d2176f7a950498b020f335232ad9f734279 @freakboy3742 freakboy3742 committed
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/contrib/admin/views/
2  django/contrib/admin/views/
@@ -29,7 +29,7 @@ def _display_login_form(request, error_message=''):
post_data = _encode_post_data({})
return render_to_response('admin/login.html', {
'title': _('Log in'),
- 'app_path': mark_safe(request.path),
+ 'app_path': request.path,
'post_data': post_data,
'error_message': error_message
}, context_instance=template.RequestContext(request))

0 comments on commit 41635d2

Please sign in to comment.
Something went wrong with that request. Please try again.