summaryrefslogtreecommitdiff
path: root/tests/admin_widgets/models.py
diff options
context:
space:
mode:
authorJon Dufresne <jon.dufresne@gmail.com>2020-05-26 09:51:02 +0200
committerCarlton Gibson <carlton.gibson@noumenal.es>2020-06-03 09:23:00 +0200
commit2dd4d110c159d0c81dff42eaead2c378a0998735 (patch)
tree882d7a84a709dbc73e63c684bdbcdf2449d7dec1 /tests/admin_widgets/models.py
parent81dc710571b773557170cce9764fff83b6dfd8ae (diff)
Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdWidget.
Diffstat (limited to 'tests/admin_widgets/models.py')
-rw-r--r--tests/admin_widgets/models.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/admin_widgets/models.py b/tests/admin_widgets/models.py
index b5025fdfd7..88bf2b8fca 100644
--- a/tests/admin_widgets/models.py
+++ b/tests/admin_widgets/models.py
@@ -27,6 +27,14 @@ class Band(models.Model):
return self.name
+class UnsafeLimitChoicesTo(models.Model):
+ band = models.ForeignKey(
+ Band,
+ models.CASCADE,
+ limit_choices_to={'name': '"&><escapeme'},
+ )
+
+
class Album(models.Model):
band = models.ForeignKey(Band, models.CASCADE)
featuring = models.ManyToManyField(Band, related_name='featured')