Opened 19 years ago

Closed 19 years ago

Last modified 18 years ago

#615 closed defect (fixed)

[patch] Replace strip_tags with escape in d.v.a.main

Reported by: sune.kirkeby@… Owned by: Adrian Holovaty
Component: contrib.admin Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

It's not enough to strip_tags the object repr's in the admin views. They should be HTML-escaped instead. Otherwise the generated HTML is not valid, and breaks when served as XHTML.

Attachments (1)

admin.patch (5.0 KB ) - added by sune.kirkeby@… 19 years ago.

Download all attachments as: .zip

Change History (2)

by sune.kirkeby@…, 19 years ago

Attachment: admin.patch added

comment:1 by Adrian Holovaty, 19 years ago

Resolution: fixed
Status: newclosed

(In [1982]) Fixed #615 -- Admin views now use escape() instead of strip_tags(). Thanks, Sune Kirkeby

Note: See TracTickets for help on using tickets.
Back to Top