Log in and log out require escape and mark_safe

a5ddd90d · Tom Christie · 24a2c3f5 · a5ddd90d
Commit a5ddd90d authored Aug 28, 2015 by Tom Christie
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

rest_framework/templatetags/rest_framework.py
+5 -4

No files found.
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -41,8 +41,9 @@ def optional_login(request):
    except NoReverseMatch:
        return ''
-    snippet = "<li><a href='{href}?next={next}'>Log in</a></li>".format(href=login_url, next=escape(request.path))
+    snippet = "<li><a href='{href}?next={next}'>Log in</a></li>"
-    return snippet
+    snippet = snippet.format(href=login_url, next=escape(request.path))
+    return mark_safe(snippet)
 @register.simple_tag
@@ -64,8 +65,8 @@ def optional_logout(request, user):
            <li><a href='{href}?next={next}'>Log out</a></li>
        </ul>
    </li>"""
+    snippet = snippet.format(user=escape(user), href=logout_url, next=escape(request.path))
-    return snippet.format(user=user, href=logout_url, next=escape(request.path))
+    return mark_safe(snippet)
 @register.simple_tag