- Language: en
July 18, 2016
Django 1.8.14 fixes a security issue and a bug in 1.8.13.
Element.innerHTML could result in XSS in the
admin’s add/change related popup.
Element.textContent is now used to
prevent execution of the data.
The debug view also used
innerHTML. Although a security issue wasn’t
identified there, out of an abundance of caution it’s also updated to use