summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorMoritz Sichert <moritz.sichert@googlemail.com>2015-03-18 21:42:59 +0100
committerTim Graham <timograham@gmail.com>2015-03-27 20:01:41 -0400
commit44a05a8a912596c44f37f050dcde85b45827b3b6 (patch)
tree237d32eff118beb88ebbb0c29eaff456978bdbfa /docs/ref
parent6a2f46f2381269187195a0f9165a893f54dc01a3 (diff)
[1.8.x] Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
Backport of 1f2abf784a9fe550959de242d91963b2ad6f7e9c from master
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/utils.txt13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
index c9a68b308e..802bae82b2 100644
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@@ -689,6 +689,19 @@ escaping HTML.
.. _str.format: https://docs.python.org/library/stdtypes.html#str.format
.. _bleach: https://pypi.python.org/pypi/bleach
+.. function:: html_safe()
+
+ .. versionadded:: 1.8
+
+ The ``__html__()`` method on a class helps non-Django templates detect
+ classes whose output doesn't require HTML escaping.
+
+ This decorator defines the ``__html__()`` method on the decorated class
+ by wrapping the ``__unicode__()`` (Python 2) or ``__str__()`` (Python 3)
+ in :meth:`~django.utils.safestring.mark_safe`. Ensure the ``__unicode__()``
+ or ``__str__()`` method does indeed return text that doesn't require HTML
+ escaping.
+
``django.utils.http``
=====================