Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface. ... * Escaped text that gets sent after saving the admin foreignkey popup form. * Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key. * Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37		2007-11-18 06:51:20 +00:00
..
__init__.py	Added django.contrib.admin, with a staff_member_required decorator and code from AdminUserRequired middleware. Refs #627	2005-10-18 04:21:07 +00:00
auth.py	Merged Unicode branch into trunk (r4952:5608). This should be fully	2007-07-04 12:11:04 +00:00
decorators.py	Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359	2007-11-14 12:58:53 +00:00
doc.py	Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359	2007-11-14 12:58:53 +00:00
main.py	Fixed #5880 -- Fixed an XSS hole in the admin interface.	2007-11-18 06:51:20 +00:00
template.py	Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects.	2006-12-15 18:00:50 +00:00