#11502: Wrong escaping in admin -----------------------------------------------------+---------------------- Reporter: Tomasz Elendt <[email protected]> | Owner: nobody Status: new | Milestone: Component: django.contrib.admin | Version: SVN Keywords: | Stage: Unreviewed Has_patch: 1 | -----------------------------------------------------+---------------------- There are some places (I found two of them) in Django's admin where querystrings used in templates are marked as safe, which prevents them from auto-escaping. In effect there's unescaped ampersand, when there's more than one variable in querystring. It's hard for me to instruct how to reproduce this bug - IMHO the easiest way is to set your `DEFAULT_CONTENT_TYPE` to `'application/xhtml+xml'` and click through the change list page of the admin (date_hierarchy menu, paginator).
There are also some formatting issues (e.g. some very long lines) in `admin_list.py`. -- Ticket URL: <http://code.djangoproject.com/ticket/11502> Django <http://code.djangoproject.com/> The Web framework for perfectionists with deadlines. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---
