HTML escaping of help_text in Django 4.0

[Matt Westcott]

Hi,

I've noticed that Django 4.0 now applies HTML escaping to help_text in autogenerated forms, as a side-effect of switching to template-based rendering (https://github.com/django/django/commit/456466d932830b096d39806e291fe23ec5ed38d5, https://code.djangoproject.com/ticket/31026) - given a form definition

    class MyForm(forms.Form):
        name = forms.CharField(help_text="some <em>lovely</em> HTML")

rendering onto a template with {{ form.as_p }} results in the <em> tag being escaped, which wasn't the case in earlier versions. While to my eyes this is a positive change (it's now consistent with virtually every other case where a plain Python string is passed to HTML output, and if you do want to preserve HTML markup then wrapping it in mark_safe works as expected), it strikes me as the sort of breaking change you wouldn't have made lightly. It's not highlighted in the 4.0 release notes, and the documentation for help_text still states that it isn't escaped:

https://docs.djangoproject.com/en/4.0/ref/forms/fields/#help-text

https://docs.djangoproject.com/en/4.0/ref/models/fields/#django.db.models.Field.help_text

The old behaviour was decreed by the core team a long time back (https://code.djangoproject.com/ticket/6041#comment:6), and I can't find any indication of that decision being reversed. Was this change intentional?

Cheers,

- Matt

[Mariusz Felisiak]

Thanks for the report! This is a regression that should be fixed. I create a ticket based on your report.

Best,
Mariusz