More pre-emptive escaping of strings that should not be interpreted as HTML.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Malcolm Tredinnick 2006-07-15 01:07:13 +00:00
parent ebc6f90d44
commit 6d104115d1
3 changed files with 3 additions and 3 deletions


@ -1,4 +1,4 @@
{% load admin_modify i18n %}{% if bound_field.original_value %} {% load admin_modify i18n %}{% if bound_field.original_value %}
{% trans "Currently:" %} <a href="{{ bound_field.original_url }}" > {{ bound_field.original_value }} </a><br /> {% trans "Currently:" %} <a href="{{ bound_field.original_url }}" > {{ bound_field.original_value|escape }} </a><br />
{% trans "Change:" %}{% output_all bound_field.form_fields %} {% trans "Change:" %}{% output_all bound_field.form_fields %}
{% else %} {% output_all bound_field.form_fields %} {% endif %} {% else %} {% output_all bound_field.form_fields %} {% endif %}
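Review bot: The `href` on the changed line still emits `{{ bound_field.original_url }}` unescaped, so a quote or angle bracket in that value would end the attribute early even though the link text is now escaped. If the URL is derived from a stored file name (not visible in this hunk), it should get the same treatment: `<a href="{{ bound_field.original_url|escape }}">`. Escaping only neutralises markup characters; any restriction on the URL scheme has to be enforced where `original_url` is built, which is outside this template.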


@ -15,6 +15,6 @@
{{ bound_field.original_value }} {{ bound_field.original_value }}
{% endif %} {% endif %}
{% if bound_field.raw_id_admin %} {% if bound_field.raw_id_admin %}
{% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %} {% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14"|escape }}</strong>{% endif %}
{% endif %} {% endif %}
{% endif %} {% endif %}
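Review bot: The first line of this hunk still prints `{{ bound_field.original_value }}` without `|escape`, although the same attribute is escaped in the first template of this commit and `existing_display` is escaped three lines further down. If that value can carry user-entered text, the line should read `{{ bound_field.original_value|escape }}`. The `{% if %}` block around it opens above the hunk, so the condition under which this line renders is not visible here and should be checked before changing it.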


@ -1,2 +1,2 @@
{% if add %}{% include "widget/foreign.html" %}{% endif %} {% if add %}{% include "widget/foreign.html" %}{% endif %}
{% if change %}{% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %}{% endif %} {% if change %}{% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14"|escape }}</strong>{% endif %}{% endif %}