From ab0fd8ddb1a862e8b731bbeba105aff061c7c73a Mon Sep 17 00:00:00 2001
From: Chris Church <chris@ninemoreminutes.com>
Date: Sat, 2 Jul 2016 01:41:28 -0400
Subject: [PATCH] Escape content of browsable API response.

---
 awx/templates/rest_framework/base.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/awx/templates/rest_framework/base.html b/awx/templates/rest_framework/base.html
index 8cb5ab97fb..6ed3cd456f 100644
--- a/awx/templates/rest_framework/base.html
+++ b/awx/templates/rest_framework/base.html
@@ -138,8 +138,10 @@
               <pre class="prettyprint"><span class="meta nocode"><b>HTTP {{ response.status_code }} {{ response.status_text }}</b>{% autoescape off %}
 {% for key, val in response_headers.items %}<b>{{ key }}:</b> <span class="lit">{{ val|break_long_headers|urlize_quoted_links }}</span>
 {% endfor %}
-{# Original line below had content|urlize_quoted_links; for Ansible Tower disable automatic URL creation here. #}
-</span>{{ content }}</pre>{% endautoescape %}
+{# Original line below had the side effect of also escaping content: #}
+{#   </span>{{ content|urlize_quoted_links }}</pre>{% endautoescape %}   #}
+{# For Ansible Tower, disable automatic URL creation and move content outside of autoescape off block. #}
+{% endautoescape %}</span>{{ content }}</pre>
             </div>
           </div>