From 8938d5eeb32bd246aacab22ddbd0484165de7a94 Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Wed, 14 Jun 2006 14:56:19 +0000
Subject: [PATCH] Fixed #2152 -- Now HTML-escaping user.first_name in
 admin/base.html template

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/admin/templates/admin/base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/django/contrib/admin/templates/admin/base.html b/django/contrib/admin/templates/admin/base.html
index b1e9d5d1be8..e7f1c7e5a92 100644
--- a/django/contrib/admin/templates/admin/base.html
+++ b/django/contrib/admin/templates/admin/base.html
@@ -21,7 +21,7 @@
         {% block branding %}{% endblock %}
         </div>
         {% if not user.is_anonymous %}{% if user.is_staff %}
-        <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>
+        <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name|escape }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>
         {% endif %}{% endif %}
         {% block nav-global %}{% endblock %}
     </div>