Escape username in optional_logout

Tom Christie 2015-10-27 14:17:19 +00:00
parent 7661398a4a
commit fed691a304


@ -53,7 +53,7 @@ def optional_logout(request, user):
try: try:
logout_url = reverse('rest_framework:logout') logout_url = reverse('rest_framework:logout')
except NoReverseMatch: except NoReverseMatch:
return '<li class="navbar-text">{user}</li>'.format(user=user) return '<li class="navbar-text">{user}</li>'.format(user=escape(user))
snippet = """<li class="dropdown"> snippet = """<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">