#27386: Readonly callable field is unconditionally wrapped inside <p>...</p>,
which might create invalid HTML
-------------------------------------+-------------------------------------
     Reporter:  Jacob Rief           |                    Owner:  nobody
         Type:  Cleanup/optimization |                   Status:  new
    Component:  contrib.admin        |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:  callable field       |             Triage Stage:  Accepted
  is_readonly <p>                    |
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

 * stage:  Unreviewed => Accepted

Old description:

> (Pseudo)-Fields in classes inheriting from
> ``django.contrib.admin.ModelsAdmin`` which are callables, must be listed
> in ``readonly_fields``. This implies that in
> ``admin/includes/fieldset.html`` (line 17) and
> ``admin/edit_inline/tabular.html`` (line 55) the content of this field is
> wrapped inside a paragraph ``<p>{{ field.contents }}</p>``.
>
> However, a ``<p>...</p>`` is not suitable to accept every kind of HTML
> element. Therefore when using a "callable" field, which renders its
> content in HTML, one might get a surprising result.
>
> Since the author of a callable field may wrap its content into whatever
> (s)he likes, there should be a way to avoid these wrapping paragraphs.
>
> My proposal is to check if ``field.contents`` is safe text, and if so
> then leave it as-is, or otherwise wrap it into ``<p>..</p>`` as we do it
> right now.

New description:

 (Pseudo)-Fields in classes inheriting from
 `django.contrib.admin.ModelsAdmin` which are callables, must be listed in
 `readonly_fields`. This implies that in `admin/includes/fieldset.html`
 (line 17) and `admin/edit_inline/tabular.html` (line 55) the content of
 this field is wrapped inside a paragraph `<p>{{ field.contents }}</p>`.

 However, a `<p>...</p>` is not suitable to accept every kind of HTML
 element. Therefore when using a "callable" field, which renders its
 content in HTML, one might get a surprising result.

 Since the author of a callable field may wrap its content into whatever
 (s)he likes, there should be a way to avoid these wrapping paragraphs.

 My proposal is to check if `field.contents` is safe text, and if so then
 leave it as-is, or otherwise wrap it into `<p>..</p>` as we do it right
 now.

--

Comment:

 I'm not sure if the proposal is completely backwards-compatible, but the
 problem seems real.

--
Ticket URL: <https://code.djangoproject.com/ticket/27386#comment:3>
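
Added example (not part of the ticket and not Django's code): the rule proposed in the description, written with the standard library only, together with a check for start tags that end a wrapping <p> early under HTML parsing rules. SafeMarkup is a hypothetical stand-in for Django's SafeString and CLOSES_P is a subset of the relevant tags; note that the safe branch emits its content unescaped, so only the plain branch is covered by escaping.

```python
from html import escape
from html.parser import HTMLParser

# Start tags that implicitly close an open <p> when a browser parses the page
# (a subset, enough for typical admin output).
CLOSES_P = {
    "address", "article", "aside", "blockquote", "div", "dl", "fieldset",
    "figure", "footer", "form", "h1", "h2", "h3", "h4", "h5", "h6", "header",
    "hr", "main", "nav", "ol", "p", "pre", "section", "table", "ul",
}


class SafeMarkup(str):
    """Hypothetical stand-in for Django's SafeString: text trusted as HTML."""


class _BlockFinder(HTMLParser):
    """Collects start tags that cannot live inside a <p> element."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in CLOSES_P:
            self.found.append(tag)


def tags_breaking_paragraph(markup):
    """Return the start tags in `markup` that would end a wrapping <p> early."""
    finder = _BlockFinder()
    finder.feed(markup)
    finder.close()
    return finder.found


def render_readonly(contents):
    """Proposed rule: safe text is left as-is, anything else is escaped in <p>."""
    if isinstance(contents, SafeMarkup):
        return str(contents)  # emitted verbatim: the callable's author owns it
    return "<p>%s</p>" % escape(str(contents))


# Constructed sample values for a readonly callable's return value.
PLAIN = "Tom & Jerry <admin>"
TABLE = SafeMarkup("<table><tr><td>1</td></tr></table>")

if __name__ == "__main__":
    for value in (PLAIN, TABLE):
        print(tags_breaking_paragraph(value), render_readonly(value))
```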