Fixed #34595 -- Doc'd that format_string arg of format_html() is not escaped.

author: AP Jama <apjama@icloud.com> 2023-06-01 10:23:53 +0000
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-06-01 12:10:08 +0100
commit: 4037223d0f12c44ecd6f369ccbabcbd279a1bdbc (patch)
tree: 078c3ea69a74ae7163aa23eea622804e8c28756d /docs/ref/utils.txt
parent: 24d56e21c3ce8ec9392e8fecc462426e9ed92bbe (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
index f666fdc05f..e37e59ddf2 100644
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@@ -612,8 +612,10 @@ escaping HTML.
 .. function:: format_html(format_string, *args, **kwargs)
 
     This is similar to :meth:`str.format`, except that it is appropriate for
-    building up HTML fragments. All args and kwargs are passed through
+    building up HTML fragments. The first argument ``format_string`` is not
+    escaped but all other args and kwargs are passed through
     :func:`conditional_escape` before being passed to ``str.format()``.
+    Finally, the output has :func:`~django.utils.safestring.mark_safe` applied.
 
     For the case of building up small HTML fragments, this function is to be
     preferred over string interpolation using ``%`` or ``str.format()``
author	AP Jama <apjama@icloud.com>	2023-06-01 10:23:53 +0000
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-06-01 12:10:08 +0100
commit	4037223d0f12c44ecd6f369ccbabcbd279a1bdbc (patch)
tree	078c3ea69a74ae7163aa23eea622804e8c28756d /docs/ref/utils.txt
parent	24d56e21c3ce8ec9392e8fecc462426e9ed92bbe (diff)