diff options
| author | Gary Wilson Jr <gary.wilson@gmail.com> | 2007-11-18 06:51:20 +0000 |
|---|---|---|
| committer | Gary Wilson Jr <gary.wilson@gmail.com> | 2007-11-18 06:51:20 +0000 |
| commit | 38d972b9ecb01fdb863c686de0b958389bc20220 (patch) | |
| tree | 2199b3f9f0a2f8c94bb36cd6efdfcad93c9e5c4b /docs | |
| parent | 5f8cfe99f3d508cfd7f3eecf50d41a3ac7e7442a (diff) | |
Fixed #5880 -- Fixed an XSS hole in the admin interface.
* Escaped text that gets sent after saving the admin foreignkey popup form.
* Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
* Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions
