mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-03 15:06:09 +00:00
Code Issues 30 Releases Wiki Activity

Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped.

Browse Source
This commit is contained in:
AP Jama 2023-06-01 10:23:53 +00:00 committed by Mariusz Felisiak
parent 24d56e21c3
commit 4037223d0f
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/ref/utils.txt
View File

@ -612,8 +612,10 @@ escaping HTML.
.. function:: format_html(format_string, *args, **kwargs)
This is similar to :meth:`str.format`, except that it is appropriate for
building up HTML fragments. All args and kwargs are passed through
building up HTML fragments. The first argument ``format_string`` is not
escaped but all other args and kwargs are passed through
:func:`conditional_escape` before being passed to ``str.format()``.
Finally, the output has :func:`~django.utils.safestring.mark_safe` applied.
For the case of building up small HTML fragments, this function is to be
preferred over string interpolation using ``%`` or ``str.format()``