mark_safe #68

Closed
kefirbandi opened this issue May 3, 2013 · 3 comments

@kefirbandi
Contributor

The as_XXX methods don't use mark_safe (as opposed to the standard Django as_XXX methods).
Is this intentional?

@brutasse
Collaborator

brutasse commented May 3, 2013

Do you see any difference in the resulting rendering?

Django forms use mark_safe() in conjunction with escape(). Here the template language gives us escaping for free (unless |safe is used) and returns SafeStrings which should already be marked as safe.

@kefirbandi
Contributor Author

The difference I see is this:
Assume I have a form with the following field:

name = forms.CharField(max_length=5, help_text='<b>Name</b>')

If I use a Django form I get Name (in bold, as I want), while if I use floppyforms it always appears as Name, which is not what I want, and it is the same if I use |safe or autoescape off.

@gregmuellegger
Collaborator

I think that is an imparity between Django and Floppyforms that we should not resolve. Django is a little inconsistent with which values are marked as safe and which are not.

For example, form.as_p() will give you a "safe" string which will not be escaped in the template, whereas form['name'].help_text will give you a pure string which will be escaped when used in the template.

Floppyforms should keep the more consistent behaviour of always sticking with one of those. The safer bet here is probably to go with autoescaping by default. If you want the string to be displayed as is in the template, then use mark_safe in the definition:

from django.utils.safestring import mark_safe

name = forms.CharField(help_text=mark_safe('<b>Name</b>'))

That is something that we should document.

Thanks for the report!
