mirror of
https://github.com/django/django.git
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
committed by
Tim Graham
parent
dc5b01ad05
commit
1f2abf784a
@@ -16,7 +16,7 @@ from django.utils import six
|
||||
from django.utils.encoding import (
|
||||
force_text, python_2_unicode_compatible, smart_text,
|
||||
)
|
||||
from django.utils.html import conditional_escape, format_html
|
||||
from django.utils.html import conditional_escape, format_html, html_safe
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
@@ -67,6 +67,7 @@ class DeclarativeFieldsMetaclass(MediaDefiningClass):
|
||||
return new_class
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class BaseForm(object):
|
||||
# This is the main implementation of all the Form logic. Note that this
|
||||
@@ -122,9 +123,6 @@ class BaseForm(object):
|
||||
fields.update(self.fields) # add remaining fields in original order
|
||||
self.fields = fields
|
||||
|
||||
def __html__(self):
|
||||
return force_text(self)
|
||||
|
||||
def __str__(self):
|
||||
return self.as_table()
|
||||
|
||||
@@ -504,6 +502,7 @@ class Form(six.with_metaclass(DeclarativeFieldsMetaclass, BaseForm)):
|
||||
# BaseForm itself has no way of designating self.fields.
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class BoundField(object):
|
||||
"A Field plus data"
|
||||
@@ -521,9 +520,6 @@ class BoundField(object):
|
||||
self.help_text = field.help_text or ''
|
||||
self._initial_value = UNSET
|
||||
|
||||
def __html__(self):
|
||||
return force_text(self)
|
||||
|
||||
def __str__(self):
|
||||
"""Renders this field as an HTML widget."""
|
||||
if self.field.show_hidden_initial:
|
||||
|
||||
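Review bot: The `@html_safe` decorators on `BaseForm` and `BoundField` (second and fourth hunks) carry no comment stating the contract they create: whatever `__str__` returns (`self.as_table()` for `BaseForm`) is what an engine honouring `__html__` will insert without escaping. The `__html__` methods in the third and fifth hunks, apparently the removed lines, at least made that visible in the class body. I would add above each decorator something like `# html_safe: __str__ output is trusted as HTML by __html__-aware engines; every render path must escape labels, values and errors.` A subclass that overrides `__str__` inherits `__html__`, so the comment should also say that an override must keep escaping. Both class bodies continue outside the hunks.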
@@ -8,6 +8,7 @@ from django.forms.widgets import HiddenInput
|
||||
from django.utils import six
|
||||
from django.utils.encoding import python_2_unicode_compatible
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.html import html_safe
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.six.moves import range
|
||||
from django.utils.translation import ugettext as _, ungettext
|
||||
@@ -46,6 +47,7 @@ class ManagementForm(Form):
|
||||
super(ManagementForm, self).__init__(*args, **kwargs)
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class BaseFormSet(object):
|
||||
"""
|
||||
|
||||
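Review bot: The stacking order `@html_safe` above `@python_2_unicode_compatible` on `BaseFormSet` looks load-bearing but is not explained anywhere in the hunk. `html_safe` is not shown on this page; if it wraps the text method that `python_2_unicode_compatible` installs, swapping the two lines would either fail at import or leave the output unmarked, and the resulting difference in escaping would be hard to spot in review. A one-line comment such as `# html_safe must stay outermost: it wraps the method set up by python_2_unicode_compatible.` would protect it; the same pair appears on every decorated class in the other file sections. The class body continues outside the hunk.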
@@ -7,7 +7,7 @@ from django.conf import settings
|
||||
from django.core.exceptions import ValidationError # backwards compatibility
|
||||
from django.utils import six, timezone
|
||||
from django.utils.encoding import force_text, python_2_unicode_compatible
|
||||
from django.utils.html import escape, format_html, format_html_join
|
||||
from django.utils.html import escape, format_html, format_html_join, html_safe
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
try:
|
||||
@@ -40,6 +40,7 @@ def flatatt(attrs):
|
||||
)
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class ErrorDict(dict):
|
||||
"""
|
||||
@@ -72,6 +73,7 @@ class ErrorDict(dict):
|
||||
return self.as_ul()
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class ErrorList(UserList, list):
|
||||
"""
|
||||
|
||||
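Review bot: `ErrorDict` and `ErrorList` gain `@html_safe` in the second and third hunks with no visible test that their rendered output stays escaped, and neither class shows an `__html__` method in these hunks before the change, so this looks like new trust rather than a refactor. `ErrorDict.__str__` returns `self.as_ul()`, whose body is outside the hunk, and validation messages often echo submitted values. I would ask for a test that stores a message containing markup (constructed sample: `<b>x</b>`) and asserts that both `str(errors)` and `errors.__html__()` contain `&lt;b&gt;x&lt;/b&gt;`. If such a test exists in a file not shown on this page, a pointer to it in the commit description is enough.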
@@ -18,7 +18,7 @@ from django.utils.encoding import (
|
||||
force_str, force_text, python_2_unicode_compatible,
|
||||
)
|
||||
from django.utils.formats import get_format
|
||||
from django.utils.html import conditional_escape, format_html
|
||||
from django.utils.html import conditional_escape, format_html, html_safe
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.six.moves import range
|
||||
from django.utils.six.moves.urllib.parse import urljoin
|
||||
@@ -37,6 +37,7 @@ __all__ = (
|
||||
MEDIA_TYPES = ('css', 'js')
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class Media(object):
|
||||
def __init__(self, media=None, **kwargs):
|
||||
@@ -51,9 +52,6 @@ class Media(object):
|
||||
for name in MEDIA_TYPES:
|
||||
getattr(self, 'add_' + name)(media_attrs.get(name, None))
|
||||
|
||||
def __html__(self):
|
||||
return force_text(self)
|
||||
|
||||
def __str__(self):
|
||||
return self.render()
|
||||
|
||||
@@ -159,6 +157,7 @@ class MediaDefiningClass(type):
|
||||
return new_class
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class SubWidget(object):
|
||||
"""
|
||||
@@ -602,6 +601,7 @@ class SelectMultiple(Select):
|
||||
return data.get(name, None)
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class ChoiceInput(SubWidget):
|
||||
"""
|
||||
@@ -667,6 +667,7 @@ class CheckboxChoiceInput(ChoiceInput):
|
||||
return self.choice_value in self.value
|
||||
|
||||
|
||||
@html_safe
|
||||
@python_2_unicode_compatible
|
||||
class ChoiceFieldRenderer(object):
|
||||
"""
|
||||
|
||||
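Review bot: `ChoiceInput` is decorated with `@html_safe` even though its base class `SubWidget` already is (fourth and fifth hunks), and without a comment the second decorator reads as redundant and is likely to be removed in a cleanup. Presumably `html_safe` wraps the `__str__` defined on the class it decorates, so a subclass with its own `__str__` needs it again; `ChoiceInput`'s body is outside the hunk, so that should be confirmed. I would add `# Re-applied: this class defines its own __str__, which html_safe must wrap separately from SubWidget's.` above it. `Media.__str__` returning `self.render()` is the other output in this file that is now declared safe, with `render` outside the hunk.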