subject:"Re\: \[Django\] #31427\: Better support for __html_

Re: [Django] #31427: Better support for html in django admin

2020-04-07 Thread Django

#31427: Better support for __html__ in django admin
+---
 Reporter:  Olivier Dalang  |Owner:  Andy Robles
 Type:  New feature |   Status:  closed
Component:  contrib.admin   |  Version:  3.0
 Severity:  Normal  |   Resolution:  needsinfo
 Keywords:  | Triage Stage:  Unreviewed
Has patch:  0   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  1
+---
Changes (by Carlton Gibson):

 * status:  assigned => closed
 * resolution:   => needsinfo


Old description:

> Django supports custom html representation for objects using the __html__
> method (see https://code.djangoproject.com/ticket/7261)
>
> This is supposedly used when trying to display to object as html : if the
> object provides an __html__ representation, this is used instead of an
> html-escaped version of __str__. This is implemented in
> `django.utils.html.conditional_escape`, used in turn by `format_html`
> (and similar).
>
> This feature is really nice. It allows for instance to add colors or
> icons to the instances representation very consistently., which in some
> cases can really help in terms of UX (e.g. color for instance's state).
>
> Unfortunately, this is is only very partially supported in Django admin,
> where most of the time, the __str__ representation is used instead.
>
> Currently, the only place where I could see the __html__ used is in the
> confirmation message after changing an object ("The object “XYZ” was
> changed successfully.).
>
> The __html__ method is not used in :
> - the default representation of the changelist (when list_display is not
> set)
> - the breadcrumbs
> - the filters of the changelist
> - the select with autocomplete (despite select2 supporting html)
> - etc...
>
> I suggest changing this wherever possible in Django admin. It shouldn't
> be too big of a change. It's probably mostly replacing str(obj) by
> conditional_escape(obj) wherever HTML is admissible.
>
> Long live Django & Django admin :-)

New description:

 Django supports custom html representation for objects using the __html__
 method (see #7261)

 This is supposedly used when trying to display to object as html : if the
 object provides an __html__ representation, this is used instead of an
 html-escaped version of __str__. This is implemented in
 `django.utils.html.conditional_escape`, used in turn by `format_html` (and
 similar).

 This feature is really nice. It allows for instance to add colors or icons
 to the instances representation very consistently., which in some cases
 can really help in terms of UX (e.g. color for instance's state).

 Unfortunately, this is is only very partially supported in Django admin,
 where most of the time, the __str__ representation is used instead.

 Currently, the only place where I could see the __html__ used is in the
 confirmation message after changing an object ("The object “XYZ” was
 changed successfully.).

 The __html__ method is not used in :
 - the default representation of the changelist (when list_display is not
 set)
 - the breadcrumbs
 - the filters of the changelist
 - the select with autocomplete (despite select2 supporting html)
 - etc...

 I suggest changing this wherever possible in Django admin. It shouldn't be
 too big of a change. It's probably mostly replacing str(obj) by
 conditional_escape(obj) wherever HTML is admissible.

 Long live Django & Django admin :-)

--

Comment:

 Grrr.

 > Django supports custom html representation for objects using the html
 method

 I don't think that's the intended use-case.

 Rather:

 > This shouldn't be thought of as *replacement* for autoescaping, since
 that's not required, but as something that uses it for interoperability.
 > - https://code.djangoproject.com/ticket/7261#comment:3

 i.e. it was introduced so the DTL could understand that strings from other
 template engines were pre-escaped.

 The `__html__()` method is hardly documented — it's mentioned only in
 passing for `html_safe`.

 I'm not 100% adverse to the idea here—I can see the appeal— vs what?
 implementing str() to mark safe, or a proxy class doing the same for use
 in the admin...? Overriding the templates?, and so on... — but (A)
 security — do folks really emit safe HTML? — and then (B) it's a change in
 the intended use, so ... 

 I'll initially say `needsinfo` rather than `wontfix` here.

 * What does it really involve? Documenting `__html__()` and promoting to a
 recommended approach.
 * A PoC concept PR: What do the changes look like? (In draft)
 * Then, is the any support for such a change on the DevelopersMailingList?
 (vs the alternatives)

 I hope that makes sense.

-- 
Ticket URL:

Re: [Django] #31427: Better support for html in django admin

2020-04-06 Thread Django

#31427: Better support for __html__ in django admin
+--
 Reporter:  Olivier Dalang  |Owner:  andyrobles
 Type:  New feature |   Status:  assigned
Component:  contrib.admin   |  Version:  3.0
 Severity:  Normal  |   Resolution:
 Keywords:  | Triage Stage:  Unreviewed
Has patch:  0   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  1
+--
Changes (by andyrobles):

 * owner:  nobody => andyrobles
 * status:  new => assigned


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.d4dcf93338fcdd8334bf594069a01a98%40djangoproject.com.

Re: [Django] #31427: Better support for html in django admin

2020-04-05 Thread Django

#31427: Better support for __html__ in django admin
+--
 Reporter:  Olivier Dalang  |Owner:  nobody
 Type:  New feature |   Status:  new
Component:  contrib.admin   |  Version:  3.0
 Severity:  Normal  |   Resolution:
 Keywords:  | Triage Stage:  Unreviewed
Has patch:  0   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  1
+--
Changes (by Olivier Dalang):

 * Attachment "example_html_djanngo_2.PNG" added.

 example 2

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.3b252131dba4574e6d74597948bfb056%40djangoproject.com.

Re: [Django] #31427: Better support for html in django admin

2020-04-05 Thread Django

#31427: Better support for __html__ in django admin
+--
 Reporter:  Olivier Dalang  |Owner:  nobody
 Type:  New feature |   Status:  new
Component:  contrib.admin   |  Version:  3.0
 Severity:  Normal  |   Resolution:
 Keywords:  | Triage Stage:  Unreviewed
Has patch:  0   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  1
+--
Changes (by Olivier Dalang):

 * Attachment "example_html_djanngo.PNG" added.

 example 1

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.1d06291a59b4521776628be0d2b8c0be%40djangoproject.com.

Re: [Django] #31427: Better support for html in django admin

2020-04-04 Thread Django

#31427: Better support for __html__ in django admin
---+--
 Reporter:  Olivier|Owner:  nobody
 Type:  New feature|   Status:  new
Component:  contrib.admin  |  Version:  3.0
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  1
---+--
Changes (by Olivier):

 * type:  Uncategorized => New feature


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.378c2b39993be039fdb472e3b3943d47%40djangoproject.com.

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

5 matches

Site Navigation

Mail list logo

Footer information

Re: [Django] #31427: Better support for __html__ in django admin

Re: [Django] #31427: Better support for __html__ in django admin

Re: [Django] #31427: Better support for __html__ in django admin

Re: [Django] #31427: Better support for __html__ in django admin

Re: [Django] #31427: Better support for __html__ in django admin

5 matches

Mail list logo

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin

Re: [Django] #31427: Better support for html in django admin