Opened 9 years ago
Closed 9 years ago
#25090 closed Bug (wontfix)
Output of password_validators_help_text_html() is not marked safe
Reported by: | Alex | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
The output of password_validation.password_validators_help_text_html() in the SetPasswordForm and AdminChangePasswordForm is not wrapped in mark_safe, which causes the html tags in the output to be escaped.
Change History (2)
comment:1 by , 9 years ago
Component: | Uncategorized → contrib.auth |
---|
comment:2 by , 9 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
help_text is documented as not being escaped in automatically generated forms so it seems to me this shouldn't be necessary. We recently fixed some admin templates in 30a152a367541a0b815ab84b3da407700feff744. Are there other places where this is a problem?