tickets: 758
id | created | changetime | last_pulled_from_trac | stage | status | component | type | severity | version | resolution | summary | description | owner | reporter | keywords | easy | has_patch | needs_better_patch | needs_tests | needs_docs | ui_ux |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
758 | 2005-11-09 05:33:24 | 2007-07-12 18:02:16 | 2022-03-06 03:21:35.928754 | Accepted | closed | contrib.admin | defect | normal | | fixed | django_admin_log items should be HTML-escaped when shown in admin interface | Admin actions are currently added to the `django_admin_log` table with the `object_repr` column set to the object's `__repr__`. When displayed in the "Recent Actions" sidebar in the admin, however, these bits of text are not escaped to be HTML-safe; anything enclosed in `<angle brackets>`, for instance, seems invisible to the admin interface user as the browser interprets it as a tag. | adrian | Tom Tobin <korpios@korpios.com> | | 0 | 0 | 0 | 0 | 0 | 0 |