id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20211	BoundField.label_tag now always escapes its `contents` parameter.	Baptiste Mispelon	Baptiste Mispelon	"This behavior changed between 1.4 and 1.5:

{{{
#!python
class FooForm(forms.Form):
    foo = forms.CharField()

print FooForm().foo.label_tag('<asdf>')
}}}

In 1.4, the output of the previous code was this:
{{{
#!python
<label for=""id_foo""><asdf></label>
}}}

In 1.5, we get this:
{{{
#!python
<label for=""id_foo"">&lt;asdf&gt;</label>
}}}

This was changed by commit a92e7f37c4ae84b6b8d8016cc6783211e9047219.

I think the original intention was to **not** escape the content if it was provided, as indicated by the first line of the method (https://github.com/django/django/blob/master/django/forms/forms.py#L522):
{{{
#!python
contents = contents or conditional_escape(self.label)
}}}

This conditional escape is rendered moot by the use of `format_html` later on (introduced by the commit I linked above), which escapes everything anyway."	Bug	closed	Documentation	1.5	Release blocker	fixed			Accepted	1	0	0	0	0	0