mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-22 20:55:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.

Browse source
This commit is contained in:
Moritz Sichert 2015-03-18 21:42:59 +01:00 committed by Tim Graham
parent dc5b01ad05
commit 1f2abf784a
15 changed files with 198 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

9
django/forms/widgets.py
View file

@ -18,7 +18,7 @@ from django.utils.encoding import (
force_str, force_text, python_2_unicode_compatible,
)
from django.utils.formats import get_format
from django.utils.html import conditional_escape, format_html
from django.utils.html import conditional_escape, format_html, html_safe
from django.utils.safestring import mark_safe
from django.utils.six.moves import range
from django.utils.six.moves.urllib.parse import urljoin
@ -37,6 +37,7 @@ __all__ = (
MEDIA_TYPES = ('css', 'js')
@html_safe
@python_2_unicode_compatible
class Media(object):
def __init__(self, media=None, **kwargs):
@ -51,9 +52,6 @@ class Media(object):
for name in MEDIA_TYPES:
getattr(self, 'add_' + name)(media_attrs.get(name, None))
def __html__(self):
return force_text(self)
def __str__(self):
return self.render()
@ -159,6 +157,7 @@ class MediaDefiningClass(type):
return new_class
@html_safe
@python_2_unicode_compatible
class SubWidget(object):
"""
@ -602,6 +601,7 @@ class SelectMultiple(Select):
return data.get(name, None)
@html_safe
@python_2_unicode_compatible
class ChoiceInput(SubWidget):
"""
@ -667,6 +667,7 @@ class CheckboxChoiceInput(ChoiceInput):
return self.choice_value in self.value
@html_safe
@python_2_unicode_compatible
class ChoiceFieldRenderer(object):
"""