f51eab796d
Thanks kmike for the report and initial patch for the changelist->edit
object view link URL.
Other affected links include the delete object one and object history
one (in this case the change had been implemented in commit 5a9e127; this
commit adds admin-quoting of the object PK in a way similar to a222d6e.)
Refs #15294.
[
{
"pk": "delete",
"model": "admin_custom_urls.action",
"fields": {
"description": "Remove things."
}
},
{
"pk": "rename",
"model": "admin_custom_urls.action",
"fields": {
"description": "Gives things other names."
}
},
{
"pk": "add",
"model": "admin_custom_urls.action",
"fields": {
"description": "Add things."
}
},
{
"pk": "path/to/file/",
"model": "admin_custom_urls.action",
"fields": {
"description": "An action with '/' in its name."
}
},
{
"pk": "path/to/html/document.html",
"model": "admin_custom_urls.action",
"fields": {
"description": "An action with a name similar to a HTML doc path."
}
},
{
"pk": "javascript:alert('Hello world');\">Click here</a>",
"model": "admin_custom_urls.action",
"fields": {
"description": "An action with a name suspected of being a XSS attempt"
}
}
]