newforms-admin: Removed mark_safe from the saved request path on the admin login form. This prevents a potential XSS attack. Formal announcement will be forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@7522 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-07-04 09:49:12 +00:00 · 2008-05-10 13:36:17 +00:00 · 2008-05-10 13:36:17 +00:00 · 7c5fe053c6
commit 7c5fe053c6
parent c04de46b3c
1 changed files with 1 additions and 1 deletions
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@ -29,7 +29,7 @@ def _display_login_form(request, error_message=''):
        post_data = _encode_post_data({})
    return render_to_response('admin/login.html', {
        'title': _('Log in'),
-        'app_path': mark_safe(request.path),
+        'app_path': request.path,
        'post_data': post_data,
        'error_message': error_message
    }, context_instance=template.RequestContext(request))