What's changed
Added
Changed
django-crispy-forms
updated to 2.1.x [#61]
Deprecated
- Django support for 2.2, 3.0, and 3.1 [#61]
TBXFORMS_ALLOW_HTML_LABEL
,TBXFORMS_ALLOW_HTML_HELP_TEXT
, andTBXFORMS_ALLOW_HTML_BUTTON
settings (developers must now mark strings as safe to render markup within templates) [#61] [#62]sass
support for <1.33.0 [#60]
Fixed
- Documentation referencing an incorrect CSS import path
Security
|safe
is no longer applied within templates [#61]
See full changelog.
Upgrade considerations
Strings are now escaped by default
To show unescaped markup, you must mark any strings as safe (e.g. with mark_safe()
) as values are now escaped by default. Previously, they were conditionally escaped based on the values of TBXFORMS_ALLOW_HTML_LABEL
, TBXFORMS_ALLOW_HTML_HELP_TEXT
, and TBXFORMS_ALLOW_HTML_BUTTON
settings.
This applies to label
, help_text
, hint
(for select and checkbox fields), and value
for button fields.
You should remove the following settings:
TBXFORMS_ALLOW_HTML_LABEL
TBXFORMS_ALLOW_HTML_HELP_TEXT
TBXFORMS_ALLOW_HTML_BUTTON
New contributors
- @olivierphi made their first contribution in #61
- @RealOrangeOne made their first contribution in #60