id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34609	Deprecate format_html calls without args or kwargs	Adam Johnson	nobody	"In my experience, a common misuse of `format_html` is to format the HTML before calling it:

{{{
format_html(f""<i>{name}"")
}}}

This makes it act like `mark_safe`, allowing data through without escaping. It provides a false sense of security since `format_html` is meant to be the ""safe way"".

I propose we deprecate calls to format_html that don’t pass `args` or `kwargs`, and eventually raise a `TypeError` for such cases.

(Following improvement to `format_html` docs in #34595.)
"	Cleanup/optimization	new	Utilities	dev	Normal				Unreviewed	0	0	0	0	0	0
