mirror of https://github.com/django/django.git synced 2025-04-01 12:06:43 +00:00

Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped.

AP Jama 2023-06-01 10:23:53 +00:00 committed by Mariusz Felisiak
parent 24d56e21c3
commit 4037223d0f


@ -612,8 +612,10 @@ escaping HTML.
.. function:: format_html(format_string, *args, **kwargs) .. function:: format_html(format_string, *args, **kwargs)
This is similar to :meth:`str.format`, except that it is appropriate for This is similar to :meth:`str.format`, except that it is appropriate for
building up HTML fragments. All args and kwargs are passed through building up HTML fragments. The first argument ``format_string`` is not
escaped but all other args and kwargs are passed through
:func:`conditional_escape` before being passed to ``str.format()``. :func:`conditional_escape` before being passed to ``str.format()``.
Finally, the output has :func:`~django.utils.safestring.mark_safe` applied.
For the case of building up small HTML fragments, this function is to be For the case of building up small HTML fragments, this function is to be
preferred over string interpolation using ``%`` or ``str.format()`` preferred over string interpolation using ``%`` or ``str.format()``
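
Review bot: The added sentence "The first argument ``format_string`` is not escaped" states the behaviour but leaves the consequence for callers implicit. Because the next added line says the output has mark_safe applied, any value a caller interpolates into ``format_string`` before the call ends up in output that is marked safe without ever passing through conditional_escape. Consider following the new text with one explicit sentence, for example "``format_string`` should therefore be a fixed template; pass any untrusted value as an arg or kwarg instead of formatting it into the string." The paragraph already recommends this function over ``%`` and ``str.format()`` interpolation, so it would help to say that pre-formatting the first argument with either one defeats that recommendation.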