From 6d104115d1e1e57acd4e9105bca6bdb8b5983230 Mon Sep 17 00:00:00 2001
From: Malcolm Tredinnick <malcolm.tredinnick@gmail.com>
Date: Sat, 15 Jul 2006 01:07:13 +0000
Subject: [PATCH] More pre-emptive escaping of strings that should not be
 interpreted as HTML.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/admin/templates/widget/file.html       | 2 +-
 django/contrib/admin/templates/widget/foreign.html    | 2 +-
 django/contrib/admin/templates/widget/one_to_one.html | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/django/contrib/admin/templates/widget/file.html b/django/contrib/admin/templates/widget/file.html
index e4a0756211..e584abf956 100644
--- a/django/contrib/admin/templates/widget/file.html
+++ b/django/contrib/admin/templates/widget/file.html
@@ -1,4 +1,4 @@
 {% load admin_modify i18n %}{% if bound_field.original_value %}
-{% trans "Currently:" %} <a href="{{ bound_field.original_url }}" > {{ bound_field.original_value }} </a><br />
+{% trans "Currently:" %} <a href="{{ bound_field.original_url }}" > {{ bound_field.original_value|escape }} </a><br />
 {% trans "Change:" %}{% output_all bound_field.form_fields %}
 {% else %} {% output_all bound_field.form_fields %} {% endif %}
diff --git a/django/contrib/admin/templates/widget/foreign.html b/django/contrib/admin/templates/widget/foreign.html
index 6b43d044bd..301f5214db 100644
--- a/django/contrib/admin/templates/widget/foreign.html
+++ b/django/contrib/admin/templates/widget/foreign.html
@@ -15,6 +15,6 @@
         {{ bound_field.original_value }}
     {% endif %}
     {% if bound_field.raw_id_admin %}
-        {% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %}
+        {% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14"|escape }}</strong>{% endif %}
     {% endif %}
 {% endif %}
diff --git a/django/contrib/admin/templates/widget/one_to_one.html b/django/contrib/admin/templates/widget/one_to_one.html
index a79a12314f..efd0117bf2 100644
--- a/django/contrib/admin/templates/widget/one_to_one.html
+++ b/django/contrib/admin/templates/widget/one_to_one.html
@@ -1,2 +1,2 @@
 {% if add %}{% include "widget/foreign.html" %}{% endif %}
-{% if change %}{% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %}{% endif %}
+{% if change %}{% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14"|escape }}</strong>{% endif %}{% endif %}