#28902: Formatting bug in django.contrib.auth.password_validation._password_validators_help_text_html
----------------------------------------+------------------------
Reporter: Ole Laursen | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 2.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
----------------------------------------+------------------------
Last lines say
{{{
help_items = [format_html('<li>{}</li>', help_text) for help_text in help_texts]
return '<ul>%s</ul>' % ''.join(help_items) if help_items else ''
}}}
So in the last line it's throwing away the safe text information put in by
format_html in the previous line.
The result is that if you output the help_text of
django.contrib.auth.forms.PasswordChangeForm in a template, the HTML
bullets are escaped (user sees HTML code instead of bullets). For some
reason, I don't see this problem within the admin site, which is actually
a bit worrying.
This seems to work instead:
{{{
# Needs: from django.utils.html import format_html, format_html_join
formatted_help_items = format_html_join(
    "", '<li>{}</li>', ((help_text,) for help_text in help_texts)
)
return format_html("<ul>{}</ul>", formatted_help_items) if formatted_help_items else ""
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28902>
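
Added example, not part of the ticket or of Django's code: a pure-Python model of why the `%` join drops the safe marking and how the template's autoescaping then treats each variant. SafeString, conditional_escape, format_html and format_html_join below are simplified stand-ins for the Django helpers of the same name, render() is a hypothetical stand-in for {{ value }} with autoescape on, and the sample help texts are constructed.

```python
# Simplified stand-ins for django.utils.safestring / django.utils.html,
# written for this example only; they model the type behaviour, not the full API.
import html


class SafeString(str):
    """A str subclass that marks content as already escaped."""


def conditional_escape(value):
    # Autoescaping leaves SafeString alone and escapes everything else.
    if isinstance(value, SafeString):
        return value
    return SafeString(html.escape(str(value)))


def format_html(fmt, *args):
    return SafeString(fmt.format(*(conditional_escape(a) for a in args)))


def format_html_join(sep, fmt, args_generator):
    return SafeString(conditional_escape(sep).join(
        format_html(fmt, *args) for args in args_generator))


def render(value):
    # Hypothetical stand-in for {{ value }} in a template with autoescape on.
    return str(conditional_escape(value))


def help_html_buggy(help_texts):
    help_items = [format_html('<li>{}</li>', t) for t in help_texts]
    # str % str yields a plain str: the SafeString marking is lost here.
    return '<ul>%s</ul>' % ''.join(help_items) if help_items else ''


def help_html_fixed(help_texts):
    items = format_html_join('', '<li>{}</li>', ((t,) for t in help_texts))
    return format_html('<ul>{}</ul>', items) if items else ''


# Constructed sample; the second text contains markup that must stay escaped.
SAMPLE = ['At least 8 characters.', 'Must not contain <b> tags.']

if __name__ == '__main__':
    for fn in (help_html_buggy, help_html_fixed):
        out = fn(SAMPLE)
        print(fn.__name__, type(out).__name__, render(out))
```

The lost marking fails closed (the whole list is escaped a second time), while the format_html_join version keeps the list markup and still escapes the content of each help text exactly once.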