Opened 7 years ago

Closed 7 years ago

#25090 closed Bug (wontfix)

Output of password_validators_help_text_html() is not marked safe

Reported by: Alex Owned by: nobody
Component: contrib.auth Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no


The output of password_validation.password_validators_help_text_html() in the SetPasswordForm and AdminChangePasswordForm is not wrapped in mark_safe, which causes the html tags in the output to be escaped.

Change History (2)

comment:1 Changed 7 years ago by Tim Graham

Component: Uncategorizedcontrib.auth

help_text is documented as not being escaped in automatically generated forms so it seems to me this shouldn't be necessary. We recently fixed some admin templates in 30a152a367541a0b815ab84b3da407700feff744. Are there other places where this is a problem?

comment:2 Changed 7 years ago by Tim Graham

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.
Back to Top