Hi,
I've noticed that Django 4.0 now applies HTML escaping to help_text in 
autogenerated forms, as a side-effect of switching to template-based 
rendering 
(https://github.com/django/django/commit/456466d932830b096d39806e291fe23ec5ed38d5,
https://code.djangoproject.com/ticket/31026) - given a form definition

    class MyForm(forms.Form):
        name = forms.CharField(help_text="some <em>lovely</em> HTML")

rendering onto a template with {{ form.as_p }} results in the <em> tag 
being escaped, which wasn't the case in earlier versions. While to my eyes 
this is a positive change (it's now consistent with virtually every other 
case where a plain Python string is passed to HTML output, and if you do 
want to preserve HTML markup then wrapping it in mark_safe works as 
expected), it strikes me as the sort of breaking change you wouldn't have 
made lightly. It's not highlighted in the 4.0 release notes, and the 
documentation for help_text still states that it isn't escaped:

https://docs.djangoproject.com/en/4.0/ref/forms/fields/#help-text
https://docs.djangoproject.com/en/4.0/ref/models/fields/#django.db.models.Field.help_text

The old behaviour was decreed by the core team a long time back 
(https://code.djangoproject.com/ticket/6041#comment:6), and I can't find 
any indication of that decision being reversed. Was this change intentional?

Cheers,
- Matt
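
An added example, not part of the original message and not Django's own code: a stdlib-only upgrade check for the behaviour change described above. It scans Python source for `help_text` string literals that contain HTML tags and are not wrapped in `mark_safe` or `format_html`, going slightly beyond the post by also catching literals passed through a translation wrapper. The function names and the sample form (apart from the `name` field) are constructed for illustration.

```python
import ast
import re

TAG_RE = re.compile(r"</?[A-Za-z][^>]*>")     # an opening or closing HTML tag
SAFE_WRAPPERS = {"mark_safe", "format_html"}  # results are not escaped again

# Constructed sample input; only the `name` field comes from the post.
SAMPLE = '''\
class MyForm(forms.Form):
    name = forms.CharField(help_text="some <em>lovely</em> HTML")
    email = forms.CharField(help_text=mark_safe("use <b>work</b> address"))
    city = forms.CharField(help_text=_("see <a href='/help/'>help</a>"))
    age = forms.IntegerField(help_text="plain text, age < 130")
'''


def _literal(node):
    """Return the string if node is a string literal, else None."""
    is_str = isinstance(node, ast.Constant) and isinstance(node.value, str)
    return node.value if is_str else None


def find_escaped_help_text(source):
    """Return sorted (line, text) pairs for help_text values that carry HTML
    markup as a plain string and would therefore be escaped on Django 4.0."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        keywords = node.keywords if isinstance(node, ast.Call) else []
        for kw in keywords:
            if kw.arg != "help_text":
                continue
            value = kw.value
            text = _literal(value)
            # Look through one non-safe wrapper call, e.g. a gettext alias.
            if text is None and isinstance(value, ast.Call) and value.args:
                name = getattr(value.func, "id", None) or getattr(value.func, "attr", None)
                if name not in SAFE_WRAPPERS:
                    text = _literal(value.args[0])
            if text is not None and TAG_RE.search(text):
                findings.append((value.lineno, text))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, text in find_escaped_help_text(SAMPLE):
        print(f"line {lineno}: help_text will be escaped: {text!r}")
```

Only literal arguments are inspected; `help_text` values built at runtime need a manual review.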
