mirror of https://github.com/django/django.git synced 2025-10-25 14:46:09 +00:00

[4.2.x] Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped.

Backport of 4037223d0f from main
AP Jama
2023-06-01 10:23:53 +00:00
committed by Mariusz Felisiak
parent dca5f5d58a
commit dae052d823


@@ -617,8 +617,10 @@ escaping HTML.
.. function:: format_html(format_string, *args, **kwargs) .. function:: format_html(format_string, *args, **kwargs)
This is similar to :meth:`str.format`, except that it is appropriate for This is similar to :meth:`str.format`, except that it is appropriate for
building up HTML fragments. All args and kwargs are passed through building up HTML fragments. The first argument ``format_string`` is not
escaped but all other args and kwargs are passed through
:func:`conditional_escape` before being passed to ``str.format()``. :func:`conditional_escape` before being passed to ``str.format()``.
Finally, the output has :func:`~django.utils.safestring.mark_safe` applied.
For the case of building up small HTML fragments, this function is to be For the case of building up small HTML fragments, this function is to be
preferred over string interpolation using ``%`` or ``str.format()`` preferred over string interpolation using ``%`` or ``str.format()``
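
Review bot: the added sentence "The first argument ``format_string`` is not escaped" states the behaviour but does not say what a caller should do about it. Because the same paragraph now notes that the output has ``mark_safe`` applied, any variable data that was interpolated into ``format_string`` before the call ends up in the result unescaped and marked safe. Consider following that sentence with one stating that ``format_string`` should be a fixed, trusted template and that all variable data belongs in ``args`` or ``kwargs``, where :func:`conditional_escape` is applied. A short wrong/right pair in the docs would make the distinction harder to miss.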