#6041: help_text not escaped in _html_output
---------------------------+------------------------------------------------
Reporter: SmileyChris | Owner: nobody
Status: new | Component: django.newforms
Version: SVN | Resolution:
Keywords: | Stage: Accepted
Has_patch: 0 | Needs_docs: 0
Needs_tests: 1 | Needs_better_patch: 0
---------------------------+------------------------------------------------
Comment (by mtredinnick):
This is not trivial to do correctly at the moment. The problem is, we
can't just pass it to `conditional_escape()` because that doesn't allow
for the fact that the output might not require auto-escaping (e.g. if it
is going into a template inside an "autoescape off" section).

At the moment, help_text is deliberately not escaped, since it's under the
control of the developer and, for newforms, (unfortunately) the developer
and designer have to work closely together in any case, so agreeing on
auto-escaping settings is just part of that. Might be nice to make it
smoother, but it will require more than just passing in the auto-escaping
setting to `_as_html()`; every place we return HTML from newforms will
need similar treatment.
--
Ticket URL: <http://code.djangoproject.com/ticket/6041#comment:2>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
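
The trade-off described in the comment above, as an added example that is not Django's code or part of the ticket. SafeText, mark_safe and conditional_escape are minimal stand-ins for Django's helpers so the block runs without Django, and render_help with its autoescape parameter is hypothetical.

```python
import html


class SafeText(str):
    """Stand-in for Django's safe-string marker (value is already valid HTML)."""


def mark_safe(value):
    return SafeText(value)


def conditional_escape(value):
    """Stand-in for Django's helper: escape unless explicitly marked safe."""
    if isinstance(value, SafeText):
        return value
    return SafeText(html.escape(str(value)))


def render_help(help_text, autoescape=True):
    """Hypothetical renderer that receives the caller's auto-escaping setting."""
    if autoescape:
        body = conditional_escape(help_text)
    else:
        body = str(help_text)  # "autoescape off": pass through untouched
    fragment = '<span class="help">%s</span>' % body
    # Only claim the fragment is safe when escaping was actually applied.
    return mark_safe(fragment) if autoescape else fragment


# Constructed sample values, not taken from the ticket.
PLAIN = "Use <b>ISO</b> dates & times"
TRUSTED = mark_safe("Use <b>ISO</b> dates &amp; times")

if __name__ == "__main__":
    print(render_help(PLAIN))                    # markup shown as literal text
    print(render_help(TRUSTED))                  # developer-approved markup kept
    print(render_help(PLAIN, autoescape=False))  # raw, as the section asked
    # Escaping unconditionally ignores the "autoescape off" setting:
    print('<span class="help">%s</span>' % conditional_escape(PLAIN))
```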