hacktoolkit
diff --git a/‎debug_toolbar/panels/templates/panel.py
Lines changed: 3 additions & 0 deletions b/‎debug_toolbar/panels/templates/panel.py
Lines changed: 3 additions & 0 deletions
diff --git a/‎debug_toolbar/panels/templates/views.py
Lines changed: 5 additions & 0 deletions b/‎debug_toolbar/panels/templates/views.py
Lines changed: 5 additions & 0 deletions
diff --git a/‎debug_toolbar/templates/debug_toolbar/panels/templates.html
Lines changed: 1 addition & 1 deletion b/‎debug_toolbar/templates/debug_toolbar/panels/templates.html
Lines changed: 1 addition & 1 deletion
@@ -7,6 +7,7 @@
 
 from django import http
 from django.conf.urls import url
+from django.core import signing
 from django.db.models.query import QuerySet, RawQuerySet
 from django.template import RequestContext, Template
 from django.test.signals import template_rendered
@@ -192,8 +193,10 @@ def generate_stats(self, request, response):
             template = template_data.get('template', None)
             if hasattr(template, 'origin') and template.origin and template.origin.name:
                 template.origin_name = template.origin.name
+                template.origin_hash = signing.dumps(template.origin.name)
             else:
                 template.origin_name = _('No origin')
+                template.origin_hash = ''
             info['template'] = template
             # Clean up context for better readability
             if self.toolbar.config['SHOW_TEMPLATE_CONTEXT']:
 
@@ -1,5 +1,6 @@
 from __future__ import absolute_import, unicode_literals
 
+from django.core import signing
 from django.http import HttpResponseBadRequest
 from django.template import TemplateDoesNotExist
 from django.template.engine import Engine
@@ -23,6 +24,10 @@ def template_source(request):
     template_origin_name = request.GET.get('template_origin', None)
     if template_origin_name is None:
         return HttpResponseBadRequest('"template_origin" key is required')
+    try:
+        template_origin_name = signing.loads(template_origin_name)
+    except Exception:
+        return HttpResponseBadRequest('"template_origin" is invalid')
     template_name = request.GET.get('template', template_origin_name)
 
     final_loaders = []
 
@@ -14,7 +14,7 @@ <h4>{% blocktrans count templates|length as template_count %}Template{% plural %
 {% if templates %}
 <dl>
 {% for template in templates %}
-<dt><strong><a class="remoteCall toggleTemplate" href="{% url 'djdt:template_source' %}?template={{ template.template.name }}&amp;template_origin={{ template.template.origin_name }}">{{ template.template.name|addslashes }}</a></strong></dt>
+<dt><strong><a class="remoteCall toggleTemplate" href="{% url 'djdt:template_source' %}?template={{ template.template.name }}&amp;template_origin={{ template.template.origin_hash }}">{{ template.template.name|addslashes }}</a></strong></dt>
 	<dd><samp>{{ template.template.origin_name|addslashes }}</samp></dd>
 	{% if template.context %}
 	<dd>