[4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.

Thanks Keryn Knight for the report.

Backport of 394517f078 from main.

Co-authored-by: Adam Johnson <me@adamj.eu>
Markus Holtermann 2022-01-02 00:37:40 +01:00 committed by Mariusz Felisiak
parent 6928227dff
commit 0142204606
7 changed files with 87 additions and 16 deletions

@ -194,7 +194,13 @@ from its first value when it's next encountered.
---------
Outputs a whole load of debugging information, including the current context
and imported modules.
and imported modules. ``{% debug %}`` outputs nothing when the :setting:`DEBUG`
setting is ``False``.
.. versionchanged:: 2.2.27
In older versions, debugging information was displayed when the
:setting:`DEBUG` setting was ``False``.
.. templatetag:: extends
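
Review bot: The ``.. versionchanged:: 2.2.27`` directive at the end of this hunk names only a 2.2-series release, although this is the 4.0.x backport, so a reader on this branch cannot tell which release of their own series stops emitting output when ``DEBUG`` is ``False``. Consider listing the matching patch release of each supported series in the directive body. The added sentence also documents only the ``DEBUG`` gate; since the commit is titled as an XSS fix, it would help to state how the tag's output is treated when ``DEBUG`` is ``True``, so template authors know whether they can rely on it being safe to render.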