Ticket #6058: 00-admin-autoescape.diff

File 00-admin-autoescape.diff, 5.0 KB (added by Petr Marhoun <petr.marhoun@…>, 17 years ago)

  • django/contrib/admin/templates/admin/change_form.html 

    === modified file 'django/contrib/admin/templates/admin/change_form.html'
     
    33
    44{% block extrahead %}{{ block.super }}
    55<script type="text/javascript" src="../../../jsi18n/"></script>
    6 {{ media }}
     6{{ media|safe }}
    77{% endblock %}
    88
    99{% block stylesheet %}{% admin_media_prefix %}css/forms.css{% endblock %}

  • django/contrib/admin/templates/admin/change_list_results.html 

    === modified file 'django/contrib/admin/templates/admin/change_list_results.html'
     
    22<table cellspacing="0">
    33<thead>
    44<tr>
    5 {% for header in result_headers %}<th{{ header.class_attrib }}>
     5{% for header in result_headers %}<th{{ header.class_attrib|safe }}>
    66{% if header.sortable %}<a href="{{ header.url }}">{% endif %}
    77{{ header.text|capfirst }}
    88{% if header.sortable %}</a>{% endif %}</th>{% endfor %}

  • django/contrib/admin/templates/admin/includes/fieldset.html 

    === modified file 'django/contrib/admin/templates/admin/includes/fieldset.html'
     
    33  {% if fieldset.description %}<div class="description">{{ fieldset.description }}</div>{% endif %}
    44  {% for line in fieldset %}
    55      <div class="form-row{% if line.errors %} errors{% endif %} {% for field in line %}{{ field.field.name }} {% endfor %} ">
    6       {{ line.errors }}
     6      {{ line.errors|safe }}
    77      {% for field in line %}
    88          {% if field.is_checkbox %}
    99              {{ field.field }}{{ field.label_tag }}

  • django/contrib/admin/views/main.py 

    === modified file 'django/contrib/admin/views/main.py'
     
    99from django.db.models.query import handle_legacy_orderlist, QuerySet
    1010from django.http import Http404
    1111from django.utils.encoding import force_unicode, smart_str
     12from django.utils.safestring import mark_safe
    1213from django.utils.translation import ugettext
    1314import operator
    1415

  • django/contrib/admin/widgets.py 

    === modified file 'django/contrib/admin/widgets.py'
     
    55from django import newforms as forms
    66from django.utils.datastructures import MultiValueDict
    77from django.utils.text import capfirst
     8from django.utils.safestring import mark_safe
    89from django.utils.translation import ugettext as _
    910from django.conf import settings
    1011
     
    2829        # API to determine the ID dynamically.
    2930        output.append(u'SelectFilter.init("id_%s", "%s", %s, "%s"); });</script>\n' % \
    3031            (name, self.verbose_name.replace('"', '\\"'), int(self.is_stacked), settings.ADMIN_MEDIA_PREFIX))
    31         return u''.join(output)
     32        return mark_safe(u''.join(output))
    3233
    3334class AdminDateWidget(forms.TextInput):
    3435    class Media:
     
    7374        if value:
    7475            output.append('Currently: <a target="_blank" href="%s%s">%s</a> <br>Change: ' % (settings.MEDIA_URL, value, value))
    7576        output.append(super(AdminFileWidget, self).render(name, value, attrs))
    76         return u''.join(output)
     77        return mark_safe(u''.join(output))
    7778
    7879class ForeignKeyRawIdWidget(forms.TextInput):
    7980    """
     
    99100        output.append('<a href="%s%s" class="related-lookup" id="lookup_id_%s" onclick="return showRelatedObjectLookupPopup(this);"> ' % \
    100101            (related_url, url, name))
    101102        output.append('<img src="%simg/admin/selector-search.gif" width="16" height="16" alt="Lookup"></a>' % settings.ADMIN_MEDIA_PREFIX)
    102         return u''.join(output)
     103        return mark_safe(u''.join(output))
    103104        #if self.change: # TODO
    104105            #output.append('&nbsp;<strong>TODO</strong>')
    105106           
     
    148149            output.append(u'<a href="%sadd/" class="add-another" id="add_id_%s" onclick="return showAddAnotherPopup(this);"> ' % \
    149150                (related_url, name))
    150151            output.append(u'<img src="%simg/admin/icon_addlink.gif" width="10" height="10" alt="Add Another"/></a>' % settings.ADMIN_MEDIA_PREFIX)
    151         return u''.join(output)
     152        return mark_safe(u''.join(output))
    152153
    153154    def __deepcopy__(self, memo):
    154155        # There's no reason to deepcopy admin_site, etc, so just return self.

  • django/newforms/widgets.py 

    === modified file 'django/newforms/widgets.py'
     
    528528            if id_:
    529529                final_attrs = dict(final_attrs, id='%s_%s' % (id_, i))
    530530            output.append(widget.render(name + '_%s' % i, widget_value, final_attrs))
    531         return self.format_output(output)
     531        return mark_safe(self.format_output(output))
    532532
    533533    def id_for_label(self, id_):
    534534        # See the comment for RadioSelect.id_for_label()
Back to Top