[1.7.x] Fixed #24461 -- Fixed XSS issue in ModelAdmin.readonly_fields

author: Baptiste Mispelon <bmispelon@gmail.com> 2015-03-08 11:50:32 +0100
committer: Tim Graham <timograham@gmail.com> 2015-03-09 10:17:54 -0400
commit: 2654e1b93923bac55f12b4e66c5e39b16695ace5 (patch)
tree: 339c5e65ac69a07dd58bee6e4831a23bc87e7500 /django
parent: 5a3b53112193cc74d2043e09894dd29a763b1105 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/django/contrib/admin/helpers.py b/django/contrib/admin/helpers.py
index 4f6bbe51e4..6ea34e242a 100644
--- a/django/contrib/admin/helpers.py
+++ b/django/contrib/admin/helpers.py
@@ -193,7 +193,7 @@ class AdminReadonlyField(object):
                     if getattr(attr, "allow_tags", False):
                         result_repr = mark_safe(result_repr)
                     else:
-                        result_repr = linebreaksbr(result_repr)
+                        result_repr = linebreaksbr(result_repr, autoescape=True)
             else:
                 if isinstance(f.rel, ManyToManyRel) and value is not None:
                     result_repr = ", ".join(map(six.text_type, value.all()))
author	Baptiste Mispelon <bmispelon@gmail.com>	2015-03-08 11:50:32 +0100
committer	Tim Graham <timograham@gmail.com>	2015-03-09 10:17:54 -0400
commit	2654e1b93923bac55f12b4e66c5e39b16695ace5 (patch)
tree	339c5e65ac69a07dd58bee6e4831a23bc87e7500 /django
parent	5a3b53112193cc74d2043e09894dd29a763b1105 (diff)