From 44a05a8a912596c44f37f050dcde85b45827b3b6 Mon Sep 17 00:00:00 2001 From: Moritz Sichert Date: Wed, 18 Mar 2015 21:42:59 +0100 Subject: [1.8.x] Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. Backport of 1f2abf784a9fe550959de242d91963b2ad6f7e9c from master --- docs/ref/utils.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'docs') diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt index c9a68b308e..802bae82b2 100644 --- a/docs/ref/utils.txt +++ b/docs/ref/utils.txt @@ -689,6 +689,19 @@ escaping HTML. .. _str.format: https://docs.python.org/library/stdtypes.html#str.format .. _bleach: https://pypi.python.org/pypi/bleach +.. function:: html_safe() + + .. versionadded:: 1.8 + + The ``__html__()`` method on a class helps non-Django templates detect + classes whose output doesn't require HTML escaping. + + This decorator defines the ``__html__()`` method on the decorated class + by wrapping the ``__unicode__()`` (Python 2) or ``__str__()`` (Python 3) + in :meth:`~django.utils.safestring.mark_safe`. Ensure the ``__unicode__()`` + or ``__str__()`` method does indeed return text that doesn't require HTML + escaping. + ``django.utils.http`` ===================== -- cgit v1.3