mirror of https://github.com/django/django.git
Fixed #11502 - wrong escaping in admin.
Thanks Tomasz Elendt. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11497 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
49cf7f4a51
commit
4decf03f9c
|
@ -265,7 +265,7 @@ def date_hierarchy(cl):
|
|||
day_lookup = cl.params.get(day_field)
|
||||
year_month_format, month_day_format = get_partial_date_formats()
|
||||
|
||||
link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))
|
||||
link = lambda d: cl.get_query_string(d, [field_generic])
|
||||
|
||||
if year_lookup and month_lookup and day_lookup:
|
||||
day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup))
|
||||
|
|
|
@ -7,6 +7,7 @@ import copy
|
|||
from django import forms
|
||||
from django.forms.widgets import RadioFieldRenderer
|
||||
from django.forms.util import flatatt
|
||||
from django.utils.html import escape
|
||||
from django.utils.text import truncate_words
|
||||
from django.utils.translation import ugettext as _
|
||||
from django.utils.safestring import mark_safe
|
||||
|
@ -148,7 +149,7 @@ class ForeignKeyRawIdWidget(forms.TextInput):
|
|||
def label_for_value(self, value):
|
||||
key = self.rel.get_related_field().name
|
||||
obj = self.rel.to._default_manager.get(**{key: value})
|
||||
return ' <strong>%s</strong>' % truncate_words(obj, 14)
|
||||
return ' <strong>%s</strong>' % escape(truncate_words(obj, 14))
|
||||
|
||||
class ManyToManyRawIdWidget(ForeignKeyRawIdWidget):
|
||||
"""
|
||||
|
|
Loading…
Reference in New Issue