id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
31203	Using Markup in ValidationError.	Felipe	nobody	"Not 100% positive this is a bug, but definitely a breaking change in Django.

In 1.11 `ValidationError` used `force_text` to stringify its messages, but in 2.2 and 3.0, it's using `str`.

`force_text` used to check for subtypes of `six.text_type` and let those through unchanged, whereas str forces the `__str__` conversion.

This interacts poorly with Markup, which 'unwraps' itself in the `__str__` method. Here's a sample problem:


{{{
type(next(iter(ValidationError(
    message=Markup('%(x)s had a problem'),
    params={'x': Markup('<span>X</span>')}
)))) is str
}}}



That error should render on a form as a span followed by some text; however, the use of str causes the 'safeness' of the markup to be lost and thus it's re-escaped and the HTML leaks into the page.

Maybe Markup should be returning self in `__str__`, since it's a `__str__` subclass. This bug can be worked around from client code using something like this:


{{{
class StubbornMarkup(Markup):
    def __str__(self):
        return self


type(next(iter(ValidationError(
    message=StubbornMarkup('%(x)s had a problem'),
    params={'x': Markup('<span>X</span>')}
)))) is StubbornMarkup
}}}



This is vaguely related to #13723, which seems to suggest the use of Markup should be supported."	Bug	closed	Core (Other)	dev	Normal	wontfix			Unreviewed	0	0	0	0	0	0