
Escaped variables that should not be interpreted as HTML and which might

contain dangerous characters.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3350 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit ebc6f90d4445e31724e35c23dbf6d9a1953466bd 1 parent 1725db5
@malcolmt malcolmt authored
8 django/contrib/admin/templates/admin_doc/model_detail.html
@@ -9,13 +9,13 @@
</style>
{% endblock %}
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name|escape }}</div>{% endblock %}
-{% block title %}Model: {{ name }}{% endblock %}
+{% block title %}Model: {{ name|escape }}{% endblock %}
{% block content %}
<div id="content-main">
-<h1>{{ summary }}</h1>
+<h1>{{ summary|escape }}</h1>
{% if description %}
<p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>
@@ -35,7 +35,7 @@
<tr>
<td>{{ field.name }}</td>
<td>{{ field.data_type }}</td>
- <td>{% if field.verbose %}{{ field.verbose }}{% endif %}{% if field.help_text %} - {{ field.help_text }}{% endif %}</td>
+ <td>{% if field.verbose %}{{ field.verbose|escape }}{% endif %}{% if field.help_text %} - {{ field.help_text|escape }}{% endif %}</td>
</tr>
{% endfor %}
</tbody>
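Review bot: In the second hunk the first two cells of the row, `<td>{{ field.name }}</td>` and `<td>{{ field.data_type }}</td>`, are still written raw while the third cell now escapes `field.verbose` and `field.help_text`. The view that builds these values is not shown, so whether they can hold anything other than identifiers is unknown, but escaping them keeps the row consistent: `<td>{{ field.name|escape }}</td>` and `<td>{{ field.data_type|escape }}</td>`. If `field.verbose` or `field.help_text` is ever rendered to HTML before it reaches the template, the new `|escape` will print that markup literally, so a short template comment stating which context values are plain text would help the next editor. The table and the enclosing `{% for %}` start outside the hunk.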
10 django/contrib/admin/templates/admin_doc/template_detail.html
@@ -1,19 +1,19 @@
{% extends "admin/base_site.html" %}
{% load i18n %}
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name|escape }}</div>{% endblock %}
{% block userlinks %}<a href="../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../logout/">{% trans 'Log out' %}</a>{% endblock %}
-{% block title %}Template: {{ name }}{% endblock %}
+{% block title %}Template: {{ name|escape }}{% endblock %}
{% block content %}
-<h1>Template: "{{ name }}"</h1>
+<h1>Template: "{{ name|escape }}"</h1>
{% regroup templates|dictsort:"site_id" by site as templates_by_site %}
{% for group in templates_by_site %}
- <h2>Search path for template "{{ name }}" on {{ group.grouper }}:</h2>
+ <h2>Search path for template "{{ name|escape }}" on {{ group.grouper }}:</h2>
<ol>
{% for template in group.list|dictsort:"order" %}
- <li><code>{{ template.file }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
+ <li><code>{{ template.file|escape }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
{% endfor %}
</ol>
{% endfor %}
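Review bot: `{{ group.grouper }}` in the `<h2>` of the search-path loop is still written unescaped, right next to the newly escaped `{{ name|escape }}`. The grouper comes from `regroup ... by site`, so it is presumably the site's display string, which is stored data rather than a template constant. Suggest `on {{ group.grouper|escape }}:` so the whole heading is treated the same way.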
2  django/contrib/admin/templates/admin_doc/view_detail.html
@@ -8,7 +8,7 @@
<h1>{{ name }}</h1>
-<h2 class="subhead">{{ summary }}</h2>
+<h2 class="subhead">{{ summary|escape }}</h2>
<p>{{ body }}</p>
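Review bot: `<h1>{{ name }}</h1>` directly above the changed line is left raw, although the same commit escapes `name` in the headings of model_detail.html and template_detail.html; suggest `<h1>{{ name|escape }}</h1>` unless the view guarantees a plain identifier. `<p>{{ body }}</p>` also stays unescaped, presumably because the view passes already-rendered HTML. That is not visible here, so a template comment on that line saying the value is trusted markup and where it is produced would make the exception explicit. The hunk shows only part of the content block.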