#5880: Cross-site(?) scripting when adding text via the "foreign key" popup
window
-----------------------------------+----------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: closed | Component: Admin interface
Version: SVN | Resolution: fixed
Keywords: | Stage: Accepted
Has_patch: 1 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 0
-----------------------------------+----------------------------------------
Comment (by [EMAIL PROTECTED]):
Thank you for fixing this issue so quickly and in depth.
I was a bit concerned since the "autoescape" tag reminded me of PHP's
"magic_quotes", which only added confusion to the programmers. But after
trying it out, I must say that you did a great job: My naïvely written
template works exactly the same with or without the autoescape tag. No
matter whether I escape the things manually or not. *bow-lowly-in-respect*
There are a few typos left:
* in templates.txt, replace "tempate" with "template"
* in templates_python.txt, replace "you filter" with "your filter"
Thank you for proving that autoescaping magic can be done in a reasonable
way.
Roland
--
Ticket URL: <http://code.djangoproject.com/ticket/5880#comment:7>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
