8000 fix: Fallback page names were not escaped by fsbraun · Pull Request #8113 · django-cms/django-cms · GitHub
[go: up one dir, main page]
Skip to content

fix: Fallback page names were not escaped #8113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 22, 2025
Merged

fix: Fallback page names were not escaped #8113

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
fix: Fallback page names were not escaped
  • Loading branch information
@fsbraun
fsbraun committed Jan 16, 2025
commit 17647784f1d40e85bbf2fbd12578ebb01595ddf0
4 changes: 2 additions & 2 deletions cms/templatetags/cms_admin.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from django.contrib.admin.views.main import ERROR_FLAG
from django.template.loader import render_to_string
from django.utils.encoding import force_str
from django.utils.html import format_html
from django.utils.html import escape, format_html
from django.utils.safestring import mark_safe
from django.utils.translation import get_language, gettext_lazy as _

Expand Down Expand Up @@ -99,7 +99,7 @@ def get_page_display_name(cms_page):
title = page_content.title or page_content.page_title or page_content.menu_title
if not title:
title = cms_page.get_slug(language) or _("Empty")
return title if page_content.language == language else mark_safe(f"<em>{title} ({page_content.language})</em>")
return title if page_content.language == language else mark_safe(f"<em>{escape(title)} ({page_content.language})</em>")


class TreePublishRow(Tag):
Expand Down
Loading
0