
    Mark rendered output from template tags as safe.

    Review Request #10485 — Created April 1, 2019 and submitted

    Information

    Review Board
    release-4.0.x

    Reviewers

    Modern versions of Django distrust template tag output by default,
    requiring instead that they mark their content as safe. This reduces the
    chance of security problems from template tags that aren't intended to
    produce HTML content.

    To provide compatibility with both Django 1.6 and 1.11, we now mark
    rendered content from all template tags as safe. Template tags that call
    out to other render functions rely on the safety of those functions, so
    there may still be some that need to be fixed in future changes.

    Unit tests pass.

    Summary: Mark rendered output from template tags as safe.
    ID: 0ea16574019544008a16b8fd6556407a5f36e6a0
    david
    Ship It!
    chipx86
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-4.0.x (0a579ab)
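
The caveat in the description, that a tag marked safe is only as safe as the rendering it calls out to, shown as an added example; this is not code from the change or from Review Board. It is a standard-library model of autoescaping, and every name in it is hypothetical (in Django the corresponding calls are `mark_safe` and `conditional_escape` or `format_html`).

```python
import functools
import html

class SafeText(str):
    """Stand-in for a string marked safe: the renderer emits it unescaped."""

def autoescape(value):
    # Model of the renderer's default: escape anything not marked safe.
    return value if isinstance(value, SafeText) else html.escape(str(value))

def blanket_safe_tag(func):
    # Marks whatever the tag returns as safe, without inspecting it.
    @functools.wraps(func)
    def wrapper(*args):
        return SafeText(func(*args))
    return wrapper

@blanket_safe_tag
def user_badge_unescaped(username):
    # Plain interpolation: the argument reaches the output raw.
    return '<span class="user">%s</span>' % username

@blanket_safe_tag
def user_badge_escaped(username):
    # Escape the argument first, so only the tag's own markup is trusted.
    return '<span class="user">%s</span>' % autoescape(username)

def plain_text_tag(username):
    # Not marked safe: the renderer escapes the whole result, markup included.
    return '<span class="user">%s</span>' % username

def render(tag, arg):
    """What ends up in the page for one tag call under autoescaping."""
    return autoescape(tag(arg))

def audit(tags, probe='<i data-probe="1">x</i>'):
    """Names of tags that let a constructed markup probe through unescaped."""
    return [t.__name__ for t in tags if probe in render(t, probe)]

if __name__ == "__main__":
    tags = [user_badge_unescaped, user_badge_escaped, plain_text_tag]
    for t in tags:
        print(t.__name__, "->", render(t, "<i>x</i>"))
    print("needs fixing:", audit(tags))
```

A probe-based check like `audit` is one way to find the tags that "need to be fixed in future changes" after a blanket mark-safe change.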