diff options
| author | Malcolm Tredinnick <malcolm.tredinnick@gmail.com> | 2006-07-15 01:07:13 +0000 |
|---|---|---|
| committer | Malcolm Tredinnick <malcolm.tredinnick@gmail.com> | 2006-07-15 01:07:13 +0000 |
| commit | 6d104115d1e1e57acd4e9105bca6bdb8b5983230 (patch) | |
| tree | 790a233e1dc2f656dbb4c4948170c79fe8eadf75 /django/contrib/admin/templates/widget/foreign.html | |
| parent | ebc6f90d4445e31724e35c23dbf6d9a1953466bd (diff) | |
More pre-emptive escaping of strings that should not be interpreted as HTML.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3352 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/contrib/admin/templates/widget/foreign.html')
| -rw-r--r-- | django/contrib/admin/templates/widget/foreign.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/django/contrib/admin/templates/widget/foreign.html b/django/contrib/admin/templates/widget/foreign.html index 6b43d044bd..301f5214db 100644 --- a/django/contrib/admin/templates/widget/foreign.html +++ b/django/contrib/admin/templates/widget/foreign.html @@ -15,6 +15,6 @@ {{ bound_field.original_value }} {% endif %} {% if bound_field.raw_id_admin %} - {% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %} + {% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14"|escape }}</strong>{% endif %} {% endif %} {% endif %} |