1
0
mirror of https://github.com/django/django.git synced 2025-01-24 17:19:19 +00:00

Fixed #13177 -- Corrected usage of firstof in admin templates. Thanks to nomulous for the report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Russell Keith-Magee 2010-03-23 14:52:51 +00:00
parent 985e4c8dfe
commit 8dbd8b1c29
2 changed files with 15 additions and 7 deletions

View File

@ -25,7 +25,7 @@
{% if user.is_active and user.is_staff %}
<div id="user-tools">
{% trans 'Welcome,' %}
<strong>{% firstof user.first_name user.username %}</strong>.
<strong>{% filter force_escape %}{% firstof user.first_name user.username %}{% endfilter %}</strong>.
{% block userlinks %}
{% url django-admindocs-docroot as docsroot %}
{% if docsroot %}

View File

@ -113,9 +113,13 @@ You can use any number of values in a ``{% cycle %}`` tag, separated by spaces.
Values enclosed in single (``'``) or double quotes (``"``) are treated as
string literals, while values without quotes are treated as template variables.
Note that the variables included in the cycle will not be escaped. This is
because template tags do not escape their content. If you want to escape the
variables in the cycle, you must do so explicitly::
Note that the variables included in the cycle will not be escaped.
This is because template tags do not escape their content. Any HTML or
Javascript code contained in the printed variable will be rendered
as-is, which could potentially lead to security issues.
If you need to escape the variables in the cycle, you must do so
explicitly::
{% filter force_escape %}
{% cycle var1 var2 var3 %}
@ -203,9 +207,13 @@ passed variables are False::
{% firstof var1 var2 var3 "fallback value" %}
Note that the variables included in the firstof tag will not be escaped. This
is because template tags do not escape their content. If you want to escape
the variables in the firstof tag, you must do so explicitly::
Note that the variables included in the firstof tag will not be
escaped. This is because template tags do not escape their content.
Any HTML or Javascript code contained in the printed variable will be
rendered as-is, which could potentially lead to security issues.
If you need to escape the variables in the firstof tag, you must do so
explicitly::
{% filter force_escape %}
{% firstof var1 var2 var3 "fallback value" %}