
Escaped variables that should not be interpreted as HTML and which might

contain dangerous characters.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3350 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit ebc6f90d4445e31724e35c23dbf6d9a1953466bd 1 parent 1725db5
@malcolmt malcolmt authored
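--- a/django/contrib/admin/templates/admin_doc/model_detail.html
+++ b/django/contrib/admin/templates/admin_doc/model_detail.html
@@ -9,13 +9,13 @@
 </style>
 {% endblock %}
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name|escape }}</div>{% endblock %}
-{% block title %}Model: {{ name }}{% endblock %}
+{% block title %}Model: {{ name|escape }}{% endblock %}
 {% block content %}
 <div id="content-main">
-<h1>{{ summary }}</h1>
+<h1>{{ summary|escape }}</h1>
 {% if description %}
 <p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>
@@ -35,7 +35,7 @@
 <tr>
 <td>{{ field.name }}</td>
 <td>{{ field.data_type }}</td>
- <td>{% if field.verbose %}{{ field.verbose }}{% endif %}{% if field.help_text %} - {{ field.help_text }}{% endif %}</td>
+ <td>{% if field.verbose %}{{ field.verbose|escape }}{% endif %}{% if field.help_text %} - {{ field.help_text|escape }}{% endif %}</td>
 </tr>
 {% endfor %}
 </tbody>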
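Review bot: In the field table row of the second hunk, `{{ field.name }}` and `{{ field.data_type }}` are still emitted without `|escape`, while the description cell in the same row is now escaped. Whether those two values are always fixed identifiers depends on the view, which is not shown here; if they are not, the row should read `<td>{{ field.name|escape }}</td>` and `<td>{{ field.data_type|escape }}</td>`. The opposite risk applies to `field.verbose`: if the view ever passes pre-rendered markup in it, the new escape will display raw tags, so that is worth confirming against the view. The enclosing `{% for %}` loop starts outside the hunk.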
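--- a/django/contrib/admin/templates/admin_doc/template_detail.html
+++ b/django/contrib/admin/templates/admin_doc/template_detail.html
@@ -1,19 +1,19 @@
 {% extends "admin/base_site.html" %}
 {% load i18n %}
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name|escape }}</div>{% endblock %}
 {% block userlinks %}<a href="../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../logout/">{% trans 'Log out' %}</a>{% endblock %}
-{% block title %}Template: {{ name }}{% endblock %}
+{% block title %}Template: {{ name|escape }}{% endblock %}
 {% block content %}
-<h1>Template: "{{ name }}"</h1>
+<h1>Template: "{{ name|escape }}"</h1>
 {% regroup templates|dictsort:"site_id" by site as templates_by_site %}
 {% for group in templates_by_site %}
- <h2>Search path for template "{{ name }}" on {{ group.grouper }}:</h2>
+ <h2>Search path for template "{{ name|escape }}" on {{ group.grouper|escape }}:</h2>
 <ol>
 {% for template in group.list|dictsort:"order" %}
- <li><code>{{ template.file }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
+ <li><code>{{ template.file|escape }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
 {% endfor %}
 </ol>
 {% endfor %}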
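Review bot: `{{ group.grouper }}` in the `<h2>` is left unescaped although `{{ name }}` on the same line now goes through `escape`. The grouper comes from `{% regroup ... by site %}`, so it renders the string form of the site value, which is presumably editable data rather than a fixed label. Writing `on {{ group.grouper|escape }}:` would give the whole heading the same output encoding.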
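--- a/django/contrib/admin/templates/admin_doc/view_detail.html
+++ b/django/contrib/admin/templates/admin_doc/view_detail.html
@@ -8,7 +8,7 @@
 <h1>{{ name }}</h1>
-<h2 class="subhead">{{ summary }}</h2>
+<h2 class="subhead">{{ summary|escape }}</h2>
 <p>{{ body }}</p>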
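Review bot: `<h1>{{ name }}</h1>` on the context line just above the change is still unescaped, while the other two templates in this commit escape every use of `name` visible in their hunks; `<h1>{{ name|escape }}</h1>` would match them. `<p>{{ body }}</p>` is also emitted raw. If that is deliberate because `body` is pre-rendered markup (not visible from this hunk), a template comment such as `{% comment %}body is pre-rendered HTML; do not escape{% endcomment %}` would record why and stop a later reader from assuming it was overlooked. The hunk starts at line 8, so the rest of the template is outside this view.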