Opened 17 years ago
Closed 17 years ago
#6226 closed (fixed)
Newforms-admin escapes html tags when allow_tags is set
Reported by: | | Owned by: | Jeffrey Gelens |
---|---|---|---|
Component: | contrib.admin | Version: | newforms-admin |
Severity: | | Keywords: | nfa-blocker newforms admin auto escape allow_tags |
Cc: | michelts@… | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Newforms-admin applies autoescape to a function's output even when the function has the "allow_tags" attribute defined. There must be a way to output escape-aware content from functions to the admin interface in order to output HTML content.
Attachments (1)
Change History (9)
comment:1 by , 17 years ago
comment:2 by , 17 years ago
No I can't :) See above:
    from django.db import models
    from django.utils.safestring import mark_safe
    from django.contrib import admin

    class Example(models.Model):
        name = models.CharField(max_length=100)

        def test(self):
            # Marked safe, but no allow_tags attribute on the method
            return mark_safe('<b>%s</b>' % (self.name))

    class ExampleOptions(admin.ModelAdmin):
        list_display = ('name', 'test')

    admin_site = admin.AdminSite()
    admin_site.register(Example, ExampleOptions)
This should output the name in bold weight but this is not true for now. But I agree with you, allow_tags should not be available in favor of mark_safe or some SafeData subclass ;)
comment:3 by , 17 years ago
I found my mistake, I need to set the "allow_tags" attribute even if I return a safe string. See above:
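    from django.db import models
    from django.utils.safestring import mark_safe

    class Example(models.Model):
        name = models.CharField(max_length=100)

        def test(self):
            return mark_safe('<b>%s</b>' % (self.name))
        # Both the safe string and the allow_tags attribute are set
        test.allow_tags = True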
Maybe we should remove the allow_tags attribute?
comment:4 by , 17 years ago
Created a patch so that mark_safe doesn't have to be used explicitly. This conforms to the current documentation. This bug is already fixed in the trunk, but wasn't in the newforms-admin branch.
comment:5 by , 17 years ago
Has patch: | set |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:6 by , 17 years ago
Triage Stage: | Unreviewed → Ready for checkin |
---|
I was messing around with merging branches and noticed that trunk does this, but newforms-admin does not.
comment:7 by , 17 years ago
Keywords: | nfa-blocker added |
---|
comment:8 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Ugh, the post commit hook is not closing tickets. This was fixed in [7394].
You can probably achieve outputting html by just using mark_safe(). Perhaps the documentation needs to be updated to remove the allow_tags reference?
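A simplified model of the escaping behaviour discussed in this ticket, added here as an example; it is not Django's code or the attached patch. `SafeText`, `template_autoescape`, `render_cell` and the `patched` flag are assumptions inferred from the comments above, and the sample value is constructed. It also shows that once allow_tags turns escaping off for a column, the method itself has to escape any field value it interpolates.

```python
from html import escape


class SafeText(str):
    """Stand-in for a Django SafeData string (assumption, not Django's class)."""


def mark_safe(value):
    return SafeText(value)


def template_autoescape(value):
    # Template output: escaped unless the value is marked safe.
    return str(value) if isinstance(value, SafeText) else escape(str(value))


def render_cell(method, obj, patched):
    """Model of one list_display cell, before and after the ticket's patch."""
    value = method(obj)
    if not getattr(method, "allow_tags", False):
        return escape(str(value))        # no allow_tags: always escaped
    if patched:
        value = mark_safe(value)         # allow_tags alone now disables escaping
    return template_autoescape(value)    # unpatched: still needs mark_safe


class Example:
    def __init__(self, name):
        self.name = name

    def marked_only(self):               # comment 2: mark_safe, no allow_tags
        return mark_safe("<b>%s</b>" % self.name)

    def tags_only(self):                 # documented usage: allow_tags, no mark_safe
        return "<b>%s</b>" % self.name
    tags_only.allow_tags = True

    def tags_escaped(self):              # allow_tags, field value escaped by the method
        return "<b>%s</b>" % escape(self.name)
    tags_escaped.allow_tags = True


# Constructed sample value containing markup characters.
ROW = Example("R&D <i>x</i>")

if __name__ == "__main__":
    for m in (Example.marked_only, Example.tags_only, Example.tags_escaped):
        for patched in (False, True):
            print(m.__name__, patched, render_cell(m, ROW, patched))
```

With the patched behaviour, `tags_only` lets the markup stored in `name` through unchanged, while `tags_escaped` keeps the bold wrapper and renders the stored value as text.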