Fix #20211: Document backwards-incompatible change in BoundField.label_tag. #997

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
Member

bmispelon commented Apr 6, 2013

No description provided.

@claudep claudep commented on the diff Apr 11, 2013

django/forms/forms.py
@@ -519,7 +519,7 @@ def label_tag(self, contents=None, attrs=None):
If attrs are given, they're used as HTML attributes on the <label> tag.
"""
- contents = contents or conditional_escape(self.label)
+ contents = contents or self.label
@claudep

claudep Apr 11, 2013

Member

What about if id_: being False (below). Might the label be marked safe without being escaped?

@bmispelon

bmispelon Apr 11, 2013

Member

Good catch, that's indeed the case.

However, the original version still has an issue if id_ is False, since it will mark anything passed as content safe.

I see two ways to fix this:

  1. We can either apply conditional_escape to contents after this line, but the double-escaping of lazy strings would kick in (#20221).

  2. Another option would be to add an else clause to the if id_: clause and apply conditional_escape there.

bmispelon closed this Apr 17, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment