#615 closed defect (fixed)
[patch] Replace strip_tags with escape in d.v.a.main
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | contrib.admin | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
It's not enough to strip_tags the object repr's in the admin views. They should be HTML-escaped instead. Otherwise the generated HTML is not valid, and breaks when served as XHTML.
Attachments (1)
Change History (2)
by , 19 years ago
| Attachment: | admin.patch added |
|---|
comment:1 by , 19 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
(In [1982]) Fixed #615 -- Admin views now use escape() instead of strip_tags(). Thanks, Sune Kirkeby