[Django] #25090: Output of password_validators_help_text_html() is not marked safe

Django

Jul 9, 2015, 4:07:58 AM
to django-...@googlegroups.com
#25090: Output of password_validators_help_text_html() is not marked safe
-------------------------------+--------------------
Reporter: alexbecker | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------+--------------------
The output of password_validation.password_validators_help_text_html() in
the SetPasswordForm and AdminChangePasswordForm is not wrapped in
mark_safe, which causes the html tags in the output to be escaped.

--
Ticket URL: <https://code.djangoproject.com/ticket/25090>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Jul 9, 2015, 6:58:26 AM
to django-...@googlegroups.com
#25090: Output of password_validators_help_text_html() is not marked safe
------------------------------+--------------------------------------
Reporter: alexbecker | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+--------------------------------------
Changes (by timgraham):

* needs_better_patch: => 0
* component: Uncategorized => contrib.auth
* needs_tests: => 0
* needs_docs: => 0


Comment:

[https://docs.djangoproject.com/en/1.8/ref/models/fields/#help-text
help_text] is documented as not being escaped in automatically generated
forms so it seems to me this shouldn't be necessary. We recently fixed
some admin templates in 30a152a367541a0b815ab84b3da407700feff744. Are
there other places where this is a problem?

--
Ticket URL: <https://code.djangoproject.com/ticket/25090#comment:1>

Django

Jul 13, 2015, 1:23:07 PM
to django-...@googlegroups.com
#25090: Output of password_validators_help_text_html() is not marked safe
------------------------------+--------------------------------------
Reporter: alexbecker | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+--------------------------------------
Changes (by timgraham):

* status: new => closed
* resolution: => wontfix


--
Ticket URL: <https://code.djangoproject.com/ticket/25090#comment:2>
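
The behaviour discussed in the report and in comment 1, as an added example that is not part of the thread and is not Django's code: a standard-library model of a "safe string" marker, showing why an unmarked HTML help text is escaped when printed through an auto-escaping template, and why each message must be escaped before the assembled list is marked safe. The names `SafeText`, `help_text_html` and `render_variable` and the sample messages are assumptions made for illustration; `mark_safe` and `conditional_escape` here are local stand-ins named after the Django helpers.

```python
import html


class SafeText(str):
    """Local stand-in: a str flagged as HTML that is already escaped."""

    def __html__(self):
        return self


def mark_safe(value):
    """Flag a string as trusted markup (stand-in, not the Django function)."""
    return SafeText(value)


def conditional_escape(value):
    """Escape unless the value carries the safe marker."""
    if hasattr(value, "__html__"):
        return value.__html__()
    return SafeText(html.escape(str(value)))


def help_text_html(messages, safe):
    """Build a <ul> of validator messages; every message is escaped first."""
    items = "".join("<li>%s</li>" % conditional_escape(m) for m in messages)
    markup = "<ul>%s</ul>" % items if items else ""
    # Marking the result safe is only sound because the items were escaped.
    return mark_safe(markup) if safe else markup


def render_variable(value):
    """Model of printing a variable in an auto-escaping template."""
    return str(conditional_escape(value))


# Constructed sample messages; the second contains HTML metacharacters.
MESSAGES = [
    "Your password must contain at least 8 characters.",
    "Use at least one of: < > &",
]

if __name__ == "__main__":
    print(render_variable(help_text_html(MESSAGES, safe=False)))
    print(render_variable(help_text_html(MESSAGES, safe=True)))
```

The unmarked result prints the list tags as literal text and double-escapes the metacharacters inside the messages; the marked result renders as a list with each message escaped exactly once.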
