#5984: debug view does not escape variable values
-----------------------+----------------------------------------------------
Reporter: mir | Owner: nobody
Status: new | Component: Template system
Version: SVN | Keywords: autoescape debug
Stage: Unreviewed | Has_patch: 0
-----------------------+----------------------------------------------------
In the debug view, variable values (and names) are not escaped.
There's an {{{ {% autoescape off %} }}} in django/views/debug.py, line
415. I don't understand the reason for it (and then using {{{ |escape }}}
afterwards, but not line 449 to display the variables). Changing this to
{{{ {% autoescape on %} }}} fixes the bug.
--
Ticket URL: <http://code.djangoproject.com/ticket/5984>