mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-27 03:54:01 +03:00
Log in and log out require escape and mark_safe
This commit is contained in:
parent
24a2c3f5c3
commit
a5ddd90df0
|
@ -41,8 +41,9 @@ def optional_login(request):
|
||||||
except NoReverseMatch:
|
except NoReverseMatch:
|
||||||
return ''
|
return ''
|
||||||
|
|
||||||
snippet = "<li><a href='{href}?next={next}'>Log in</a></li>".format(href=login_url, next=escape(request.path))
|
snippet = "<li><a href='{href}?next={next}'>Log in</a></li>"
|
||||||
return snippet
|
snippet = snippet.format(href=login_url, next=escape(request.path))
|
||||||
|
return mark_safe(snippet)
|
||||||
|
|
||||||
|
|
||||||
@register.simple_tag
|
@register.simple_tag
|
||||||
|
@ -64,8 +65,8 @@ def optional_logout(request, user):
|
||||||
<li><a href='{href}?next={next}'>Log out</a></li>
|
<li><a href='{href}?next={next}'>Log out</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>"""
|
</li>"""
|
||||||
|
snippet = snippet.format(user=escape(user), href=logout_url, next=escape(request.path))
|
||||||
return snippet.format(user=user, href=logout_url, next=escape(request.path))
|
return mark_safe(snippet)
|
||||||
|
|
||||||
|
|
||||||
@register.simple_tag
|
@register.simple_tag
|
||||||
|
|
Loading…
Reference in New Issue
Block a user