mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-26 19:43:59 +03:00
Log in and log out require escape and mark_safe
This commit is contained in:
parent
24a2c3f5c3
commit
a5ddd90df0
|
@ -41,8 +41,9 @@ def optional_login(request):
|
|||
except NoReverseMatch:
|
||||
return ''
|
||||
|
||||
snippet = "<li><a href='{href}?next={next}'>Log in</a></li>".format(href=login_url, next=escape(request.path))
|
||||
return snippet
|
||||
snippet = "<li><a href='{href}?next={next}'>Log in</a></li>"
|
||||
snippet = snippet.format(href=login_url, next=escape(request.path))
|
||||
return mark_safe(snippet)
|
||||
|
||||
|
||||
@register.simple_tag
|
||||
|
@ -64,8 +65,8 @@ def optional_logout(request, user):
|
|||
<li><a href='{href}?next={next}'>Log out</a></li>
|
||||
</ul>
|
||||
</li>"""
|
||||
|
||||
return snippet.format(user=user, href=logout_url, next=escape(request.path))
|
||||
snippet = snippet.format(user=escape(user), href=logout_url, next=escape(request.path))
|
||||
return mark_safe(snippet)
|
||||
|
||||
|
||||
@register.simple_tag
|
||||
|
|
Loading…
Reference in New Issue
Block a user