django1/django/contrib/admin/views
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
 * Escaped text that gets sent after saving the admin foreignkey popup form.
 * Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
 * Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
__init__.py Added django.contrib.admin, with a staff_member_required decorator and code from AdminUserRequired middleware. Refs #627 2005-10-18 04:21:07 +00:00
auth.py Merged Unicode branch into trunk (r4952:5608). This should be fully 2007-07-04 12:11:04 +00:00
decorators.py Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 2007-11-14 12:58:53 +00:00
doc.py Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 2007-11-14 12:58:53 +00:00
main.py Fixed #5880 -- Fixed an XSS hole in the admin interface. 2007-11-18 06:51:20 +00:00
template.py Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects. 2006-12-15 18:00:50 +00:00