authorLuke Plant <L.Plant.98@cantab.net>2015-06-15 11:17:09 +0100
committerTim Graham <timograham@gmail.com>2015-06-29 08:16:19 -0400
commitaef2a0ec59301022354c043744a6a2fa13583aa1 (patch)
treead562a7c7c5379594b499e14574e181188a51f10 /tests/admin_views
parent9ed82154bd0bd01c6195942db84302e791ad366f (diff)
Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML) for the common use case of simple_tag. Thanks to Tim Graham for the review.
Diffstat (limited to 'tests/admin_views')
-rw-r--r--tests/admin_views/tests.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index b0c74b31fa..43dd92e7f9 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -2434,7 +2434,7 @@ class AdminViewStringPrimaryKeyTest(TestCase):
expected_link = reverse('admin:%s_modelwithstringprimarykey_history' %
ModelWithStringPrimaryKey._meta.app_label,
args=(quote(self.pk),))
- self.assertContains(response, '<a href="%s" class="historylink"' % expected_link)
+ self.assertContains(response, '<a href="%s" class="historylink"' % escape(expected_link))
def test_redirect_on_add_view_continue_button(self):
"""As soon as an object is added using "Save and continue editing"
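Review bot: The new assertion on the `+` line relies on `escape` already being in scope, because the diffstat records a single changed line in tests/admin_views/tests.py and no import is added; confirm the module imports it from `django.utils.html`. The line would also benefit from a short comment saying why the expected markup is now escaped, for example `# history link presumably comes from a simple_tag, whose output is now conditional_escape()d`, which is hedged because the template is not visible here. The assertion checks only that the escaped form is present; where the escaped and raw URLs differ, an `assertNotContains` on the unescaped `<a href=...>` string would pin the hardening as a regression test. The enclosing test method starts above the hunk, so the value of `self.pk` cannot be checked from here.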