Fix #20211: Document backwards-incompatible change in BoundField.label_tag. #997

bmispelon · 2013-04-06T15:17:37Z

No description provided.

claudep · 2013-04-11T17:30:34Z

django/forms/forms.py

@@ -519,7 +519,7 @@ def label_tag(self, contents=None, attrs=None):

        If attrs are given, they're used as HTML attributes on the <label> tag.
        """
-        contents = contents or conditional_escape(self.label)
+        contents = contents or self.label


What about if id_: being False (below). Might the label be marked safe without being escaped?

Good catch, that's indeed the case.

However, the original version still has an issue if id_ is False, since it will mark anything passed as content safe.

I see two ways to fix this:

We can either apply conditional_escape to contents after this line, but the double-escaping of lazy strings would kick in (#20221).

Another option would be to add an else clause to the if id_: clause and apply conditional_escape there.

…l_tag.

claudep reviewed Apr 11, 2013
View reviewed changes

Fix #20211: Document backwards-incompatible change in BoundField.labe…

c64ea67

…l_tag.

bmispelon closed this Apr 17, 2013

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix #20211: Document backwards-incompatible change in BoundField.label_tag. #997

Fix #20211: Document backwards-incompatible change in BoundField.label_tag. #997

bmispelon commented Apr 6, 2013

claudep Apr 11, 2013

bmispelon Apr 11, 2013

Fix #20211: Document backwards-incompatible change in BoundField.label_tag. #997

Fix #20211: Document backwards-incompatible change in BoundField.label_tag. #997

Conversation

bmispelon commented Apr 6, 2013

claudep Apr 11, 2013

Choose a reason for hiding this comment

bmispelon Apr 11, 2013

Choose a reason for hiding this comment