[1.8.x] Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.

Backport of 1f2abf784a from master
2025-10-24 06:06:09 +00:00 · 2015-03-18 21:42:59 +01:00
parent 6a2f46f238
commit 44a05a8a91
15 changed files with 197 additions and 21 deletions
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@@ -689,6 +689,19 @@ escaping HTML.
 .. _str.format: https://docs.python.org/library/stdtypes.html#str.format
 .. _bleach: https://pypi.python.org/pypi/bleach

+.. function:: html_safe()
+
+    .. versionadded:: 1.8
+
+    The ``__html__()`` method on a class helps non-Django templates detect
+    classes whose output doesn't require HTML escaping.
+
+    This decorator defines the ``__html__()`` method on the decorated class
+    by wrapping the ``__unicode__()`` (Python 2) or ``__str__()`` (Python 3)
+    in :meth:`~django.utils.safestring.mark_safe`. Ensure the ``__unicode__()``
+    or ``__str__()`` method does indeed return text that doesn't require HTML
+    escaping.
+
 ``django.utils.http``
 =====================