v2.0.0

What's changed

Added

• Python support for 3.12 [#61]
• Django support for 4.1 and 4.2 [#61]

Changed

• django-crispy-forms updated to 2.1.x [#61]

Deprecated

• Django support for 2.2, 3.0, and 3.1 [#61]
• TBXFORMS_ALLOW_HTML_LABEL, TBXFORMS_ALLOW_HTML_HELP_TEXT, and TBXFORMS_ALLOW_HTML_BUTTON settings (developers must now mark strings as safe to render markup within templates) [#61] [#62]
• sass support for <1.33.0 [#60]

Fixed

• Documentation referencing an incorrect CSS import path

Security

• |safe is no longer applied within templates [#61]

See full changelog.

Upgrade considerations

Strings are now escaped by default

To show unescaped markup, you must mark any strings as safe (e.g. with mark_safe()) as values are now escaped by default. Previously, they were conditionally escaped based on the values of TBXFORMS_ALLOW_HTML_LABEL, TBXFORMS_ALLOW_HTML_HELP_TEXT, and TBXFORMS_ALLOW_HTML_BUTTON settings.

This applies to label, help_text, hint (for select and checkbox fields), and value for button fields.

You should remove the following settings:

1. TBXFORMS_ALLOW_HTML_LABEL
2. TBXFORMS_ALLOW_HTML_HELP_TEXT
3. TBXFORMS_ALLOW_HTML_BUTTON

New contributors

• @olivierphi made their first contribution in #61
• @RealOrangeOne made their first contribution in #60