mirror of https://github.com/django/django.git
Fixed #13177 -- Corrected usage of firstof in admin templates. Thanks to nomulous for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
985e4c8dfe
commit
8dbd8b1c29
|
@ -25,7 +25,7 @@
|
|||
{% if user.is_active and user.is_staff %}
|
||||
<div id="user-tools">
|
||||
{% trans 'Welcome,' %}
|
||||
<strong>{% firstof user.first_name user.username %}</strong>.
|
||||
<strong>{% filter force_escape %}{% firstof user.first_name user.username %}{% endfilter %}</strong>.
|
||||
{% block userlinks %}
|
||||
{% url django-admindocs-docroot as docsroot %}
|
||||
{% if docsroot %}
|
||||
|
|
|
@ -113,9 +113,13 @@ You can use any number of values in a ``{% cycle %}`` tag, separated by spaces.
|
|||
Values enclosed in single (``'``) or double quotes (``"``) are treated as
|
||||
string literals, while values without quotes are treated as template variables.
|
||||
|
||||
Note that the variables included in the cycle will not be escaped. This is
|
||||
because template tags do not escape their content. If you want to escape the
|
||||
variables in the cycle, you must do so explicitly::
|
||||
Note that the variables included in the cycle will not be escaped.
|
||||
This is because template tags do not escape their content. Any HTML or
|
||||
Javascript code contained in the printed variable will be rendered
|
||||
as-is, which could potentially lead to security issues.
|
||||
|
||||
If you need to escape the variables in the cycle, you must do so
|
||||
explicitly::
|
||||
|
||||
{% filter force_escape %}
|
||||
{% cycle var1 var2 var3 %}
|
||||
|
@ -203,9 +207,13 @@ passed variables are False::
|
|||
|
||||
{% firstof var1 var2 var3 "fallback value" %}
|
||||
|
||||
Note that the variables included in the firstof tag will not be escaped. This
|
||||
is because template tags do not escape their content. If you want to escape
|
||||
the variables in the firstof tag, you must do so explicitly::
|
||||
Note that the variables included in the firstof tag will not be
|
||||
escaped. This is because template tags do not escape their content.
|
||||
Any HTML or Javascript code contained in the printed variable will be
|
||||
rendered as-is, which could potentially lead to security issues.
|
||||
|
||||
If you need to escape the variables in the firstof tag, you must do so
|
||||
explicitly::
|
||||
|
||||
{% filter force_escape %}
|
||||
{% firstof var1 var2 var3 "fallback value" %}
|
||||
|
|
Loading…
Reference in New Issue