mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-07-11 00:32:20 +03:00
Escape username in optional_logout
This commit is contained in:
parent
7661398a4a
commit
fed691a304
|
@ -53,7 +53,7 @@ def optional_logout(request, user):
|
|||
try:
|
||||
logout_url = reverse('rest_framework:logout')
|
||||
except NoReverseMatch:
|
||||
return '<li class="navbar-text">{user}</li>'.format(user=user)
|
||||
return '<li class="navbar-text">{user}</li>'.format(user=escape(user))
|
||||
|
||||
snippet = """<li class="dropdown">
|
||||
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
|
||||
|
|
Loading…
Reference in New Issue
Block a user