Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.

2025-12-18 23:03:16 +00:00 · 2015-03-18 21:42:59 +01:00 · 2015-03-18 21:42:59 +01:00 · 1f2abf784a
commit 1f2abf784a
parent dc5b01ad05
15 changed files with 198 additions and 21 deletions
--- a/django/forms/utils.py
+++ b/django/forms/utils.py
@ -7,7 +7,7 @@ from django.conf import settings
 from django.core.exceptions import ValidationError  # backwards compatibility
 from django.utils import six, timezone
 from django.utils.encoding import force_text, python_2_unicode_compatible
-from django.utils.html import escape, format_html, format_html_join
+from django.utils.html import escape, format_html, format_html_join, html_safe
 from django.utils.translation import ugettext_lazy as _

 try:
@ -40,6 +40,7 @@ def flatatt(attrs):
    )


+@html_safe
@python_2_unicode_compatible
 class ErrorDict(dict):
    """
@ -72,6 +73,7 @@ class ErrorDict(dict):
        return self.as_ul()


+@html_safe
@python_2_unicode_compatible
 class ErrorList(UserList, list):
    """