Changes between Initial Version and Version 2 of Ticket #34595
- Timestamp:
- May 24, 2023, 3:40:23 PM (19 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #34595
- Property Triage Stage Unreviewed → Accepted
- Property Summary `format_html` should explicitely mention rgar `format_string` is not escaped → format_html() should explicitely mention format_string is not escaped and that result is safe
-
Ticket #34595 – Description
initial v2 1 1 The docs for `format_html` mention that `args` and `kwargs` are escaped but it does not say anything about `format_string` (which is, in fact, not escaped). Readers could benefit from this clarification to avoid putting unsafe content in `format_string`. 2 3 Similarly, the docs could be extended to explicitly mention that the result is marked as safe. Mariusz suggested this text (thanks!): 4 5 {{{ 6 The output has :func:`~django.utils.safestring.mark_safe` applied. 7 }}}