[Django] #24466: Improve consistency of JavaScript escaping in the admin
7 views
Skip to first unread message
Django
Mar 10, 2015, 8:39:36 AM3/10/15
to django-...@googlegroups.com
#24466: Improve consistency of JavaScript escaping in the admin
-------------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: | Status: new
Cleanup/optimization |
Component: | Version: master
contrib.admin |
Severity: Normal | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Escaping of values inserted into JavaScript code should always be done in
the template rather than in the view (since context values could be reused
in a template outside of JavaScript where JS escaping isn't desired). Some
values like model `verbose_name` aren't currently escaped and it wouldn't
hurt to add escaping there.
-------------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: | Status: new
Cleanup/optimization |
Component: | Version: master
contrib.admin |
Severity: Normal | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Escaping of values inserted into JavaScript code should always be done in
the template rather than in the view (since context values could be reused
in a template outside of JavaScript where JS escaping isn't desired). Some
values like model `verbose_name` aren't currently escaped and it wouldn't
hurt to add escaping there.
--
Ticket URL: <https://code.djangoproject.com/ticket/24466>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Mar 10, 2015, 8:43:57 AM3/10/15
to django-...@googlegroups.com
#24466: Improve consistency of JavaScript escaping in the admin
-------------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: | Status: new
Cleanup/optimization |
Component: contrib.admin | Version: master-------------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: | Status: new
Cleanup/optimization |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by timgraham):
[https://github.com/django/django/pull/4289 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/24466#comment:1>
Django
Mar 30, 2015, 7:16:03 PM3/30/15
to django-...@googlegroups.com
#24466: Improve consistency of JavaScript escaping in the admin
-------------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Type: | Status: closed-------------------------------------+-------------------------------------
Reporter: timgraham | Owner: timgraham
Cleanup/optimization |
Component: contrib.admin | Version: master
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"845817b039fc059955bb1eafa5fd78565a49159d" 845817b]:
{{{
#!CommitTicketReference repository=""
revision="845817b039fc059955bb1eafa5fd78565a49159d"
Fixed #24466 -- Added JavaScript escaping in a couple places in the admin.
Thanks Aymeric Augustin and Florian Apolloner for work on the patch.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/24466#comment:2>
Reply all
Reply to author
Forward
0 new messages