mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-02 18:13:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.

Browse source
This commit is contained in:
Moritz Sichert 2015-03-18 21:42:59 +01:00 committed by Tim Graham
parent dc5b01ad05
commit 1f2abf784a
15 changed files with 198 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

14
docs/ref/utils.txt
View file

@ -657,6 +657,20 @@ escaping HTML.
.. _str.format: https://docs.python.org/library/stdtypes.html#str.format
.. _bleach: https://pypi.python.org/pypi/bleach
.. function:: html_safe()
.. versionadded:: 1.8
The ``__html__()`` method on a class helps non-Django templates detect
classes whose output doesn't require HTML escaping.
This decorator defines the ``__html__()`` method on the decorated class
by wrapping the ``__unicode__()`` (Python 2) or ``__str__()`` (Python 3)
in :meth:`~django.utils.safestring.mark_safe`. Ensure the ``__unicode__()``
or ``__str__()`` method does indeed return text that doesn't require HTML
escaping.
``django.utils.http``
=====================