On Fri, 2007-11-16 at 13:26 -0800, ScottB wrote: > Hi. > > It seems the urlize filter marks its output as safe, but the > django.utils.html.urlize function on which it depends is only escaping > the content of the "a" element (i.e. the text between <a> and </a>). > > Any other text passed to the filter is not escaped. Also the url > inserted in the href attribute is not escaped or url encoded.
Please file tickets for these sorts of things, rather than reporting them here. On the mailing list, they may be overlooked or forgotten. In Trac, that won't happen. Don't bother for this case, though, since I've seen it now and will address it this today. Regards, Malcolm -- The only substitute for good manners is fast reflexes. http://www.pointy-stick.com/blog/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
