Fixed #2290 -- Escaped HTML in admin messages. Thanks, Sean

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3282 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-07-07 03:56:15 +00:00 · 2006-07-07 03:56:15 +00:00 · 16c5cec9c1
parent 930929e2b9
commit 16c5cec9c1
1 changed files with 1 additions and 1 deletions
--- a/django/contrib/admin/templates/admin/base.html
+++ b/django/contrib/admin/templates/admin/base.html
@ -30,7 +30,7 @@
    {% endif %}

        {% if messages %}
-        <ul class="messagelist">{% for message in messages %}<li>{{ message }}</li>{% endfor %}</ul>
+        <ul class="messagelist">{% for message in messages %}<li>{{ message|escape }}</li>{% endfor %}</ul>
        {% endif %}

    <!-- Content -->