Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#24464 closed Cleanup/optimization (fixed)

Update default of template filters autoescape parameter to True

Reported by: Sasha Romijn Owned by: nobody
Component: Template system Version: dev
Severity: Normal Keywords:
Cc: Markus Holtermann Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

In order to avoid relying on users reading the documentation added in #21722 about the requirement to call built-in template filters with autoescape=True if escaping is needed, it seems useful to update the default to escape by default.

Change History (5)

comment:1 by Markus Holtermann, 10 years ago

Cc: Markus Holtermann added

comment:2 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: newclosed

In fa350e2f303572ee8f9a8302dda45a12288d3d95:

Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.

This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.

comment:3 by Tim Graham <timograham@…>, 10 years ago

In d16e4e1d6f95e6f46bff53cc4fd0ab398b8e5059:

[1.8.x] Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.

This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.

Backport of fa350e2f303572ee8f9a8302dda45a12288d3d95 from master

comment:4 by Tim Graham <timograham@…>, 10 years ago

In 35d68e8e766217924375e1a91533fee50159291c:

[1.8.x] Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields

This issue was fixed by refs #24464.

comment:5 by Tim Graham <timograham@…>, 10 years ago

In 82c9169077a066995e3b00aac551bf1c8a89d98a:

Refs #24461 -- Added test/release notes for XSS issue in ModelAdmin.readonly_fields

This issue was fixed by refs #24464.

Note: See TracTickets for help on using tickets.
Back to Top