
Escaped variables that should not be interpreted as HTML and which might

contain dangerous characters.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3350 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit ebc6f90d4445e31724e35c23dbf6d9a1953466bd 1 parent 1725db5
Malcolm Tredinnick authored July 14, 2006
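--- a/django/contrib/admin/templates/admin_doc/model_detail.html
+++ b/django/contrib/admin/templates/admin_doc/model_detail.html
@@ -9,13 +9,13 @@
 </style>
 {% endblock %}
 
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name|escape }}</div>{% endblock %}
 
-{% block title %}Model: {{ name }}{% endblock %}
+{% block title %}Model: {{ name|escape }}{% endblock %}
 
 {% block content %}
 <div id="content-main">
-<h1>{{ summary }}</h1>
+<h1>{{ summary|escape }}</h1>
 
 {% if description %}
   <p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>
@@ -35,7 +35,7 @@
 <tr>
     <td>{{ field.name }}</td>
     <td>{{ field.data_type }}</td>
-    <td>{% if field.verbose %}{{ field.verbose }}{% endif %}{% if field.help_text %} - {{ field.help_text }}{% endif %}</td>
+    <td>{% if field.verbose %}{{ field.verbose|escape }}{% endif %}{% if field.help_text %} - {{ field.help_text|escape }}{% endif %}</td>
 </tr>
 {% endfor %}
 </tbody>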
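Review bot: The field table row in the second hunk still prints `{{ field.name }}` and `{{ field.data_type }}` raw, while the neighbouring cell now escapes `field.verbose` and `field.help_text`. If either value can carry text from a docstring or a custom field class (not visible in this hunk), it reaches the page unescaped; `<td>{{ field.name|escape }}</td>` and `<td>{{ field.data_type|escape }}</td>` would close the gap at no cost. The same leftover appears in the other files of this commit: `{{ group.grouper }}` in the `<h2>` of template_detail.html and `{{ name }}` in the `<h1>` of view_detail.html. The table and the `{% for %}` loop start outside the hunk.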
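--- a/django/contrib/admin/templates/admin_doc/template_detail.html
+++ b/django/contrib/admin/templates/admin_doc/template_detail.html
@@ -1,19 +1,19 @@
 {% extends "admin/base_site.html" %}
 {% load i18n %}
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name|escape }}</div>{% endblock %}
 {% block userlinks %}<a href="../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../logout/">{% trans 'Log out' %}</a>{% endblock %}
 
-{% block title %}Template: {{ name }}{% endblock %}
+{% block title %}Template: {{ name|escape }}{% endblock %}
 
 {% block content %}
-<h1>Template: "{{ name }}"</h1>
+<h1>Template: "{{ name|escape }}"</h1>
 
 {% regroup templates|dictsort:"site_id" by site as templates_by_site %}
 {% for group in templates_by_site %}
-    <h2>Search path for template "{{ name }}" on {{ group.grouper }}:</h2>
+    <h2>Search path for template "{{ name|escape }}" on {{ group.grouper }}:</h2>
     <ol>
     {% for template in group.list|dictsort:"order" %}
-        <li><code>{{ template.file }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
+        <li><code>{{ template.file|escape }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
     {% endfor %}
     </ol>
 {% endfor %}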
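--- a/django/contrib/admin/templates/admin_doc/view_detail.html
+++ b/django/contrib/admin/templates/admin_doc/view_detail.html
@@ -8,7 +8,7 @@
 
 <h1>{{ name }}</h1>
 
-<h2 class="subhead">{{ summary }}</h2>
+<h2 class="subhead">{{ summary|escape }}</h2>
 
 <p>{{ body }}</p>
 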
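Review bot: `<p>{{ body }}</p>` stays unescaped next to the newly escaped `summary`, and nothing in the template says whether that is deliberate. If `body` is already rendered to HTML by the view (this cannot be confirmed from the hunk), a template comment such as `{% comment %}body is pre-rendered HTML from the view; must not be escaped here{% endcomment %}` would stop a later pass from either escaping it twice or assuming it is safe. If it is plain text, it needs `|escape` like `summary`.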
