mirror of
https://github.com/django/django.git
synced 2024-12-23 09:36:06 +00:00
Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7521 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
4880ba3ce1
commit
41635d2176
@ -29,7 +29,7 @@ def _display_login_form(request, error_message=''):
|
||||
post_data = _encode_post_data({})
|
||||
return render_to_response('admin/login.html', {
|
||||
'title': _('Log in'),
|
||||
'app_path': mark_safe(request.path),
|
||||
'app_path': request.path,
|
||||
'post_data': post_data,
|
||||
'error_message': error_message
|
||||
}, context_instance=template.RequestContext(request))
|
||||
|
Loading…
Reference in New Issue
Block a user