Davor Lucic / django-imagekit

Justin Driscoll  committed ca3e1d1

Escaped urls in admin_thumbnail

  • Parent commits f0bf451
  • Branches default

Files changed (1)

File imagekit/models.py

 from django.core.files.base import ContentFile
 from django.db import models
 from django.db.models.base import ModelBase
+from django.utils.html import conditional_escape as escape
 from django.utils.translation import ugettext_lazy as _
 
 from imagekit import specs
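
Review bot: Aliasing `conditional_escape` to `escape` on the added import line hides which function is in use, since `django.utils.html` also exports a real `escape` with different behaviour. `conditional_escape` passes through any value already marked safe without escaping it, so a `get_absolute_url()` that returns a safe-marked string would reach the markup unescaped. Either import `conditional_escape` under its own name so the call sites are honest about this, or import `escape` if unconditional escaping is what is wanted here.
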
         else:
             if hasattr(self, 'get_absolute_url'):
                 return u'<a href="%s"><img src="%s"></a>' % \
-                    (self.get_absolute_url(), prop.url)
+                    (escape(self.get_absolute_url()), escape(prop.url))
             else:
                 return u'<a href="%s"><img src="%s"></a>' % \
-                    (self._imgfield.url, prop.url)
+                    (escape(self._imgfield.url), escape(prop.url))
     admin_thumbnail_view.short_description = _('Thumbnail')
     admin_thumbnail_view.allow_tags = True
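
Review bot: In both `return` statements the `href` value is now HTML-escaped, but escaping only stops the value from breaking out of the quoted attribute; it does not constrain the URL scheme, and because `allow_tags = True` makes the admin render this string as raw HTML, a `get_absolute_url()` or `_imgfield.url` that yields something other than an http(s) or relative URL would still produce a live link. If either value can be influenced by stored data, consider checking the scheme before interpolating. The two branches also differ only in the link target, so picking the target first (`get_absolute_url()` if present, otherwise `_imgfield.url`) and formatting once would keep the escaping in a single place.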