Opened 4 years ago

Closed 4 years ago

#25053 closed Bug (fixed)

Admin: Password help_text only uses "safe" filter when adding a user

Reported by: Adam Owned by: nobody
Component: contrib.admin Version: 1.8
Severity: Normal Keywords: password help_text safe
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

The "admin/auth/user/add_form.html" template extends "admin/change_form.html", which uses "admin/includes/fieldset.html", which displays help_text using the "safe" filter:

{{ field.field.help_text|safe }}

The "admin/auth/user/change_password.html" template, on the other hand, displays help_text without using the "safe" filter:

{{ form.password1.help_text }}
{{ form.password2.help_text }}

Same with the "registration/password_change_form.html" template:

{{ form.new_password1.help_text }}
{{ form.new_password2.help_text }}

Thus, if either password field has help_text with HTML, it will only display correctly when adding a user.

I will be submitting a pull request soon.

Change History (3)

comment:2 Changed 4 years ago by Tim Graham

Has patch: set
Triage Stage: UnreviewedReady for checkin

comment:3 Changed 4 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: newclosed

In 30a152a3:

Fixed #25053 -- Made admin templates use |safe with password help_text

Note: See TracTickets for help on using tickets.
Back to Top