Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.

1 files changed, 5 insertions, 4 deletions

diff --git a/django/forms/widgets.py b/django/forms/widgets.py
index 9a73ddb9ca..4f38418a93 100644
--- a/django/forms/widgets.py
+++ b/django/forms/widgets.py
@@ -18,7 +18,7 @@ from django.utils.encoding import (
     force_str, force_text, python_2_unicode_compatible,
 )
 from django.utils.formats import get_format
-from django.utils.html import conditional_escape, format_html
+from django.utils.html import conditional_escape, format_html, html_safe
 from django.utils.safestring import mark_safe
 from django.utils.six.moves import range
 from django.utils.six.moves.urllib.parse import urljoin
@@ -37,6 +37,7 @@ __all__ = (
 MEDIA_TYPES = ('css', 'js')
 
 
+@html_safe
 @python_2_unicode_compatible
 class Media(object):
     def __init__(self, media=None, **kwargs):
@@ -51,9 +52,6 @@ class Media(object):
         for name in MEDIA_TYPES:
             getattr(self, 'add_' + name)(media_attrs.get(name, None))
 
-    def __html__(self):
-        return force_text(self)
-
     def __str__(self):
         return self.render()
 
@@ -159,6 +157,7 @@ class MediaDefiningClass(type):
         return new_class
 
 
+@html_safe
 @python_2_unicode_compatible
 class SubWidget(object):
     """
@@ -602,6 +601,7 @@ class SelectMultiple(Select):
         return data.get(name, None)
 
 
+@html_safe
 @python_2_unicode_compatible
 class ChoiceInput(SubWidget):
     """
@@ -667,6 +667,7 @@ class CheckboxChoiceInput(ChoiceInput):
         return self.choice_value in self.value
 
 
+@html_safe
 @python_2_unicode_compatible
 class ChoiceFieldRenderer(object):
     """