diff --git a/django/contrib/admin/templates/admin/base_site.html b/django/contrib/admin/templates/admin/base_site.html
index b867bd29bd..2bc7310873 100644
--- a/django/contrib/admin/templates/admin/base_site.html
+++ b/django/contrib/admin/templates/admin/base_site.html
@@ -1,7 +1,7 @@
{% extends "admin/base.html" %}
{% load i18n %}
-{% block title %}{{ title }} | {% trans 'Django site admin' %}{% endblock %}
+{% block title %}{{ title|escape }} | {% trans 'Django site admin' %}{% endblock %}
{% block branding %}
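Review bot: Escaping `title` inside the `title` block will double-encode any value that a view has already escaped before putting it in the context, so an ampersand would reach the browser as `&amp;amp;`. The views that populate `title` are not part of this diff, so confirm that none of them pre-escape it. A short template comment next to the block, for example `{% comment %}title is escaped here; views must pass it unescaped{% endcomment %}`, would record which layer owns the encoding.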
diff --git a/django/contrib/admin/templates/admin/change_list.html b/django/contrib/admin/templates/admin/change_list.html
index 5b54bfb8cc..bd2304bd52 100644
--- a/django/contrib/admin/templates/admin/change_list.html
+++ b/django/contrib/admin/templates/admin/change_list.html
@@ -3,12 +3,12 @@
{% block stylesheet %}{% admin_media_prefix %}css/changelists.css{% endblock %}
{% block bodyclass %}change-list{% endblock %}
{% block userlinks %}
{% trans 'Documentation' %} /
{% trans 'Change password' %} /
{% trans 'Log out' %} {% endblock %}
-{% if not is_popup %}{% block breadcrumbs %}
{% endblock %}{% endif %}
+{% if not is_popup %}{% block breadcrumbs %}
{% endblock %}{% endif %}
{% block coltype %}flex{% endblock %}
{% block content %}
{% if has_add_permission %}
-
+
{% endif %}
{% block search %}{% search_form cl %}{% endblock %}
diff --git a/django/contrib/admin/templates/admin/date_hierarchy.html b/django/contrib/admin/templates/admin/date_hierarchy.html
index a53d810f93..d2d69616c7 100644
--- a/django/contrib/admin/templates/admin/date_hierarchy.html
+++ b/django/contrib/admin/templates/admin/date_hierarchy.html
@@ -1,10 +1,10 @@
{% if show %}
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/django/contrib/admin/templates/admin/delete_confirmation.html b/django/contrib/admin/templates/admin/delete_confirmation.html
index 6af1983899..3921ab69e3 100644
--- a/django/contrib/admin/templates/admin/delete_confirmation.html
+++ b/django/contrib/admin/templates/admin/delete_confirmation.html
@@ -4,8 +4,8 @@
{% block breadcrumbs %}
{% endblock %}
@@ -14,7 +14,7 @@
{% blocktrans with object|escape as escaped_object %}Deleting the {{ object_name }} '{{ escaped_object }}' would result in deleting related objects, but your account doesn't have permission to delete the following types of objects:{% endblocktrans %}
{% for obj in perms_lacking %}
- {{ obj }}
+ {{ obj|escape }}
{% endfor %}
{% else %}
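Review bot: `{{ object_name }}` in the `blocktrans` message just above the loop is still written out unescaped, while `object` beside it and each `obj` in `perms_lacking` now go through `escape`. If `object_name` is derived from a model's verbose name, which the other templates in this commit treat as needing escaping, it should be bound through `escape` in the same `blocktrans with … as …` clause, the way `escaped_object` is. The `{% else %}` branch continues outside the hunk, so the output sites there could not be checked.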
diff --git a/django/contrib/admin/templates/admin/edit_inline_stacked.html b/django/contrib/admin/templates/admin/edit_inline_stacked.html
index 45aa0a4f58..48ecc698d9 100644
--- a/django/contrib/admin/templates/admin/edit_inline_stacked.html
+++ b/django/contrib/admin/templates/admin/edit_inline_stacked.html
@@ -1,7 +1,7 @@
{% load admin_modify %}
{% for fcw in bound_related_object.form_field_collection_wrappers %}
- {{ bound_related_object.relation.opts.verbose_name|capfirst }} #{{ forloop.counter }}
+ {{ bound_related_object.relation.opts.verbose_name|capfirst|escape }} #{{ forloop.counter }}
{% if bound_related_object.show_url %}{% if fcw.obj.original %}
View on site
{% endif %}{% endif %}
diff --git a/django/contrib/admin/templates/admin/edit_inline_tabular.html b/django/contrib/admin/templates/admin/edit_inline_tabular.html
index e9535df02c..13d528331b 100644
--- a/django/contrib/admin/templates/admin/edit_inline_tabular.html
+++ b/django/contrib/admin/templates/admin/edit_inline_tabular.html
@@ -1,10 +1,10 @@
{% load admin_modify %}
- {{ bound_related_object.relation.opts.verbose_name_plural|capfirst }}
+ {{ bound_related_object.relation.opts.verbose_name_plural|capfirst|escape }}
{% for fw in bound_related_object.field_wrapper_list %}
{% if fw.needs_header %}
- {{ fw.field.verbose_name|capfirst }}
+ {{ fw.field.verbose_name|capfirst|escape }}
{% endif %}
{% endfor %}
{% for fcw in bound_related_object.form_field_collection_wrappers %}
diff --git a/django/contrib/admin/templates/admin/filter.html b/django/contrib/admin/templates/admin/filter.html
index 5b0e78b6fc..8b5b521437 100644
--- a/django/contrib/admin/templates/admin/filter.html
+++ b/django/contrib/admin/templates/admin/filter.html
@@ -1,5 +1,5 @@
{% load i18n %}
-{% blocktrans %} By {{ title }} {% endblocktrans %}
+{% blocktrans with title|escape as filter_title %} By {{ filter_title }} {% endblocktrans %}
{% for choice in choices %}
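Review bot: Renaming the placeholder from `title` to `filter_title` changes the message id extracted from this `blocktrans`. Existing catalog entries would presumably stop matching, and the filter heading would fall back to the untranslated string until the catalogs are regenerated. No locale files appear in this diff, so either update them in the same change or flag the new string for translators. The `choices` loop continues outside the hunk, so whether each choice's display text is escaped could not be checked.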
diff --git a/django/contrib/admin/templates/admin/index.html b/django/contrib/admin/templates/admin/index.html
index f7b121723a..aa63c14fce 100644
--- a/django/contrib/admin/templates/admin/index.html
+++ b/django/contrib/admin/templates/admin/index.html
@@ -19,9 +19,9 @@
{% for model in app.models %}
{% if model.perms.change %}
- {{ model.name }}
+ {{ model.name|escape }}
{% else %}
- {{ model.name }}
+ {{ model.name|escape }}
{% endif %}
{% if model.perms.add %}
@@ -58,7 +58,7 @@
{% else %}
{% endif %}
diff --git a/django/contrib/admin/templates/admin/invalid_setup.html b/django/contrib/admin/templates/admin/invalid_setup.html
index 1fa0d32358..1d7d61f0d2 100644
--- a/django/contrib/admin/templates/admin/invalid_setup.html
+++ b/django/contrib/admin/templates/admin/invalid_setup.html
@@ -1,7 +1,7 @@
{% extends "admin/base_site.html" %}
{% load i18n %}
-{% block breadcrumbs %}{% endblock %}
+{% block breadcrumbs %}{% endblock %}
{% block content %}
diff --git a/django/contrib/admin/templates/admin/object_history.html b/django/contrib/admin/templates/admin/object_history.html
index 6b71e308fe..14a77b8a31 100644
--- a/django/contrib/admin/templates/admin/object_history.html
+++ b/django/contrib/admin/templates/admin/object_history.html
@@ -2,7 +2,7 @@
{% load i18n %}
{% block userlinks %}{% trans 'Documentation' %} / {% trans 'Change password' %} / {% trans 'Log out' %} {% endblock %}
{% block breadcrumbs %}
-
+
{% endblock %}
{% block content %}
diff --git a/django/contrib/admin/templates/admin/pagination.html b/django/contrib/admin/templates/admin/pagination.html
index 7694e4c5b0..e1c09b2932 100644
--- a/django/contrib/admin/templates/admin/pagination.html
+++ b/django/contrib/admin/templates/admin/pagination.html
@@ -6,6 +6,6 @@
{% paginator_number cl i %}
{% endfor %}
{% endif %}
-{{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name }}{% else %}{{ cl.opts.verbose_name_plural }}{% endifequal %}
+{{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural|escape }}{% endifequal %}
{% if show_all_url %} {% trans 'Show all' %} {% endif %}