| author | Gabriel | 2010-01-22 16:49:54 +0100 |
|---|---|---|
| committer | Rob Hudson | 2010-01-22 08:23:14 -0800 |
| commit | 83b312ea1a3990fb59d2e6e9b2e5c146889cc0b0 (patch) | |
| tree | 1714fc95b5367d4f871cb18ec67b3593f5312767 | |
| parent | e25a6ba55b437091ab8d5d801d6f3ef227d92d95 (diff) | |
| download | django-debug-toolbar-83b312ea1a3990fb59d2e6e9b2e5c146889cc0b0.tar.bz2 | |
Escape invalid html in SQL queries.
For example, a query containing a stray ampersand needs to be escaped.
Signed-off-by: Rob Hudson <rob@cogit8.org>
| -rw-r--r-- | debug_toolbar/panels/sql.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/debug_toolbar/panels/sql.py b/debug_toolbar/panels/sql.py
index 1ac8445..e1e9bdf 100644
--- a/debug_toolbar/panels/sql.py
+++ b/debug_toolbar/panels/sql.py
@@ -197,7 +197,7 @@ class BoldKeywordFilter(sqlparse.filters.Filter):
 is_keyword = token_type in sqlparse.tokens.Keyword
 if is_keyword:
 yield sqlparse.tokens.Text, '<strong>'
- yield token_type, value
+ yield token_type, django.utils.html.escape(value)
 if is_keyword:
 yield sqlparse.tokens.Text, '</strong>' |
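Review bot: The escaping on the changed `yield` line now lives inside `BoldKeywordFilter`, in the same stream as the literal `<strong>`/`</strong>` tokens, so the rendered SQL is only safe while this filter stays in the stack and nothing after it adds raw text. A comment on that line would make the contract explicit, for example `# token text comes from the executed query; escape it because this stream is rendered as HTML`. The call is spelled `django.utils.html.escape(value)` and the diffstat shows no import added, so it presumably relies on `django.utils.html` already being loaded elsewhere; `from django.utils.html import escape` at the top of the file with `yield token_type, escape(value)` here would not depend on that. The template that renders this output and the start of the filter method are outside the hunk, so it is worth confirming that every other place the panel displays the query is escaped as well.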
