#24469: forms, form fields and media are escaped wrongfully in non django templates
-------------------------------+----------------------------------------------------
 Reporter: MoritzS             | Owner: nobody
 Type: Bug                     | Status: new
 Component: Template system    | Version: 1.8beta2
 Severity: Normal              | Keywords: forms fields media escape template jinja2
 Triage Stage: Unreviewed      | Has patch: 0
 Easy pickings: 0              | UI/UX: 0
-------------------------------+----------------------------------------------------

Django uses `django.utils.safestring` for marking strings as escaped. This prevents already escaped text from being escaped again. It also uses the `__html__` magic method used by many other web frameworks.
However, the information about a string being safe won't be carried on if an object gets converted to a string. This mostly happens with forms, form fields and the `Media` class. The Django template backend "knows" about them so it doesn't escape them, however that's not the case with any other backend.

For example
{{{
{{ my_form.my_field }}
}}}
will be rendered as
{{{
<input name=&#34;my_field&#34; type=&#34;text&#34; />
}}}
when using the jinja2 backend.

In my opinion the best way to fix this is to add `__html__` methods to the classes that should not be escaped.

--
Ticket URL: <https://code.djangoproject.com/ticket/24469>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
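
The escaping behaviour reported above, as an added example that is not part of the original ticket and is not Django's or Jinja2's own code. `autoescape`, `PlainField`, `HtmlField` and `render` are hypothetical stand-ins, and the escape table is assumed to mirror MarkupSafe's mapping; the point is that `__html__` only stops the outer escape, so the object must still escape user-controlled values itself.

```python
# Added illustration: stand-in classes, not Django's or Jinja2's real code.

# Assumed to mirror the character mapping MarkupSafe applies.
_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&#34;", "'": "&#39;"}


def autoescape(value):
    """Mimic a template engine's autoescape step.

    Objects exposing __html__() are trusted to return ready-to-emit markup;
    everything else is converted with str() and escaped.
    """
    if hasattr(value, "__html__"):
        return value.__html__()
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


class PlainField:
    """Hypothetical form field that only defines __str__ (the reported case)."""

    def __init__(self, name, value=""):
        self.name = name
        self.value = value

    def __str__(self):
        # The field escapes the user-controlled parts itself.
        return '<input name="%s" type="text" value="%s" />' % (
            autoescape(self.name), autoescape(self.value))


class HtmlField(PlainField):
    """Same field with the proposed __html__ method added."""

    def __html__(self):
        return str(self)


def render(field):
    """Stand-in for rendering {{ my_form.my_field }} with autoescape on."""
    return autoescape(field)


if __name__ == "__main__":
    sample = '"><b>'  # constructed sample of untrusted input
    print(render(PlainField("my_field", sample)))  # whole tag escaped again
    print(render(HtmlField("my_field", sample)))   # tag intact, value escaped
```
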