From fed691a304883bab09077f7b0215ac0aa2dbd835 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 27 Oct 2015 14:17:19 +0000 Subject: [PATCH] Escape username in optional_logout --- rest_framework/templatetags/rest_framework.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py index 0069d9a5e..efe46292d 100644 --- a/rest_framework/templatetags/rest_framework.py +++ b/rest_framework/templatetags/rest_framework.py @@ -53,7 +53,7 @@ def optional_logout(request, user): try: logout_url = reverse('rest_framework:logout') except NoReverseMatch: - return ''.format(user=user) + return ''.format(user=escape(user)) snippet = """