Properly escape title of blogposts when generating Delete link with the title in it,

so it's possible to delete a post that has a single quote in the title.

Per report from JD

diff --git a/hamnadmin/register/templates/blogposts.html b/hamnadmin/register/templates/blogposts.html
index d3f265e236e168fd6ed9c63659ec76531d9b583a..a4a2c2f1c6cb001b8c902e0e8449ed46ec9c1ddd 100644 (file)
--- a/hamnadmin/register/templates/blogposts.html
+++ b/hamnadmin/register/templates/blogposts.html
@@ -30,7 +30,7 @@ Return to <a href="../..">blog list</a>.
  <td>{{post.hidden|yesno:"Hidden,Visible"}}</td>
  <td>
   {%if post.hidden%}<a href="unhide/{{post.id}}/">Unhide</a>{%else%}<a href="hide/{{post.id}}/">Hide</a>{%endif%}<br/>
-  <a href="#" onClick="confirmDelete('{{post.title}}',{{post.id}})">Delete</a>
+  <a href="#" onClick="confirmDelete('{{post.title|escapejs}}',{{post.id}})">Delete</a>
  </td>
 </tr>
 {%endfor%}