From a5ddd90df03fe04793e605d26d01f86391fa4771 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Fri, 28 Aug 2015 10:27:49 +0100
Subject: [PATCH] Log in and log out require escape and mark_safe

---
 rest_framework/templatetags/rest_framework.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
index 0069d9a5e..08acecef7 100644
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -41,8 +41,9 @@ def optional_login(request):
     except NoReverseMatch:
         return ''
 
-    snippet = "<li><a href='{href}?next={next}'>Log in</a></li>".format(href=login_url, next=escape(request.path))
-    return snippet
+    snippet = "<li><a href='{href}?next={next}'>Log in</a></li>"
+    snippet = snippet.format(href=login_url, next=escape(request.path))
+    return mark_safe(snippet)
 
 
 @register.simple_tag
@@ -64,8 +65,8 @@ def optional_logout(request, user):
             <li><a href='{href}?next={next}'>Log out</a></li>
         </ul>
     </li>"""
-
-    return snippet.format(user=user, href=logout_url, next=escape(request.path))
+    snippet = snippet.format(user=escape(user), href=logout_url, next=escape(request.path))
+    return mark_safe(snippet)
 
 
 @register.simple_tag