Django 1.8.14 release notes

Donate 来源:Django 浏览 154 扫码分享 2023-12-18 08:42:45

Django 1.8.14 release notes
- XSS in admin’s add/change related popup
- Bugfixes

Django 1.8.14 release notes

July 18, 2016

Django 1.8.14 fixes a security issue and a bug in 1.8.13.

Unsafe usage of JavaScript’s Element.innerHTML could result in XSS in the admin’s add/change related popup. Element.textContent is now used to prevent execution of the data.

The debug view also used innerHTML. Although a security issue wasn’t identified there, out of an abundance of caution it’s also updated to use textContent.

Bugfixes

Fixed missing varchar/text_pattern_ops index on CharField and TextField respectively when using AddField on PostgreSQL (#26889).

当前内容版权归 Django 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 Django .

本文档使用 BookStack 构建

Django 1.8.14 release notes

Django 1.8.14 release notes

XSS in admin’s add/change related popup

Bugfixes