mirror of https://github.com/django/django.git
Fixed #13177 -- Corrected usage of firstof in admin templates. Thanks to nomulous for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
985e4c8dfe
commit
8dbd8b1c29
|
@ -25,7 +25,7 @@
|
||||||
{% if user.is_active and user.is_staff %}
|
{% if user.is_active and user.is_staff %}
|
||||||
<div id="user-tools">
|
<div id="user-tools">
|
||||||
{% trans 'Welcome,' %}
|
{% trans 'Welcome,' %}
|
||||||
<strong>{% firstof user.first_name user.username %}</strong>.
|
<strong>{% filter force_escape %}{% firstof user.first_name user.username %}{% endfilter %}</strong>.
|
||||||
{% block userlinks %}
|
{% block userlinks %}
|
||||||
{% url django-admindocs-docroot as docsroot %}
|
{% url django-admindocs-docroot as docsroot %}
|
||||||
{% if docsroot %}
|
{% if docsroot %}
|
||||||
|
|
|
@ -113,9 +113,13 @@ You can use any number of values in a ``{% cycle %}`` tag, separated by spaces.
|
||||||
Values enclosed in single (``'``) or double quotes (``"``) are treated as
|
Values enclosed in single (``'``) or double quotes (``"``) are treated as
|
||||||
string literals, while values without quotes are treated as template variables.
|
string literals, while values without quotes are treated as template variables.
|
||||||
|
|
||||||
Note that the variables included in the cycle will not be escaped. This is
|
Note that the variables included in the cycle will not be escaped.
|
||||||
because template tags do not escape their content. If you want to escape the
|
This is because template tags do not escape their content. Any HTML or
|
||||||
variables in the cycle, you must do so explicitly::
|
Javascript code contained in the printed variable will be rendered
|
||||||
|
as-is, which could potentially lead to security issues.
|
||||||
|
|
||||||
|
If you need to escape the variables in the cycle, you must do so
|
||||||
|
explicitly::
|
||||||
|
|
||||||
{% filter force_escape %}
|
{% filter force_escape %}
|
||||||
{% cycle var1 var2 var3 %}
|
{% cycle var1 var2 var3 %}
|
||||||
|
@ -203,9 +207,13 @@ passed variables are False::
|
||||||
|
|
||||||
{% firstof var1 var2 var3 "fallback value" %}
|
{% firstof var1 var2 var3 "fallback value" %}
|
||||||
|
|
||||||
Note that the variables included in the firstof tag will not be escaped. This
|
Note that the variables included in the firstof tag will not be
|
||||||
is because template tags do not escape their content. If you want to escape
|
escaped. This is because template tags do not escape their content.
|
||||||
the variables in the firstof tag, you must do so explicitly::
|
Any HTML or Javascript code contained in the printed variable will be
|
||||||
|
rendered as-is, which could potentially lead to security issues.
|
||||||
|
|
||||||
|
If you need to escape the variables in the firstof tag, you must do so
|
||||||
|
explicitly::
|
||||||
|
|
||||||
{% filter force_escape %}
|
{% filter force_escape %}
|
||||||
{% firstof var1 var2 var3 "fallback value" %}
|
{% firstof var1 var2 var3 "fallback value" %}
|
||||||
|
|
Loading…
Reference in New Issue