Escape username in optional_logout

2025-07-11 08:42:23 +03:00 · 2015-10-27 14:17:19 +00:00 · 2015-10-27 14:17:19 +00:00 · fed691a304
commit fed691a304
parent 7661398a4a
1 changed files with 1 additions and 1 deletions
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@ -53,7 +53,7 @@ def optional_logout(request, user):
    try:
        logout_url = reverse('rest_framework:logout')
    except NoReverseMatch:
-        return '<li class="navbar-text">{user}</li>'.format(user=user)
+        return '<li class="navbar-text">{user}</li>'.format(user=escape(user))

    snippet = """<li class="dropdown">
        <a href="#" class="dropdown-toggle" data-toggle="dropdown">