id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
24461	Admin readonly_fields pointing to properties (@property) do not get escaped.	Eran Rundstein	Baptiste Mispelon	"Hey,

My model has a @property, and I am using readonly_fields to display it. allow_tags is nowhere to be seen, and I believe the culprit is the following code (env/lib/python2.7/site-packages/django/contrib/admin/helpers.py):
{{{
                    result_repr = smart_text(value)
                    if getattr(attr, ""allow_tags"", False):
                        result_repr = mark_safe(result_repr)
                    else:
                        result_repr = linebreaksbr(result_repr)
}}}
This is used by AdminReadonlyField to render the field. Unfortunately, linebreaksbr replies on the template system autoescape mechanism, which isn't kicking in when calling the filter directly:
{{{
In [2]: linebreaksbr('<a>test</a>')
Out[2]: u'<a>test</a>'

In [3]: type(_)
Out[3]: django.utils.safestring.SafeText
}}}"	Bug	closed	contrib.admin	1.7	Normal	fixed			Accepted	0	0	0	0	0	0