Escaped variables that should not be interpreted as HTML and which might

contain dangerous characters.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3350 bcc190cf-cafb-0310-a4f2-bffc1f526a37

1 files changed, 4 insertions, 4 deletions

diff --git a/django/contrib/admin/templates/admin_doc/model_detail.html b/django/contrib/admin/templates/admin_doc/model_detail.html
index 9ac56864fa..44fc43e704 100644
--- a/django/contrib/admin/templates/admin_doc/model_detail.html
+++ b/django/contrib/admin/templates/admin_doc/model_detail.html
@@ -9,13 +9,13 @@
 </style>
 {% endblock %}
 
-{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name|escape }}</div>{% endblock %}
 
-{% block title %}Model: {{ name }}{% endblock %}
+{% block title %}Model: {{ name|escape }}{% endblock %}
 
 {% block content %}
 <div id="content-main">
-<h1>{{ summary }}</h1>
+<h1>{{ summary|escape }}</h1>
 
 {% if description %}
   <p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>
@@ -35,7 +35,7 @@
 <tr>
     <td>{{ field.name }}</td>
     <td>{{ field.data_type }}</td>
-    <td>{% if field.verbose %}{{ field.verbose }}{% endif %}{% if field.help_text %} - {{ field.help_text }}{% endif %}</td>
+    <td>{% if field.verbose %}{{ field.verbose|escape }}{% endif %}{% if field.help_text %} - {{ field.help_text|escape }}{% endif %}</td>
 </tr>
 {% endfor %}
 </tbody>