id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34595	format_html() should explicitly mention that format_string is not escaped and that result is safe	Natalia Bidart	AP Jama	"The docs for `format_html` mention that `args` and `kwargs` are escaped but they do not say anything about `format_string` (which is, in fact, not escaped). Readers could benefit from this clarification to avoid putting unsafe content in `format_string`.

Similarly, the docs could be extended to explicitly mention that the result is marked as safe. Mariusz suggested this text (thanks!):

{{{
The output has :func:`~django.utils.safestring.mark_safe` applied.
}}}
"	Cleanup/optimization	closed	Template system	4.2	Normal	fixed			Ready for checkin	1	0	0	0	1	0
