Mark rendered output from template tags as safe.

Review Request #10485 — Created April 1, 2019 and submitted

chipx86
Review Board
release-4.0.x
reviewboard

Modern versions of Django distrust template tag output by default,
requiring instead that they mark their content as safe. This reduces the
chance of security problems from template tags that aren't intended to
produce HTML content.

To provide compatibility with both Django 1.6 and 1.11, we now mark
rendered content from all template tags as safe. Template tags that call
out to other render functions rely on the safety of those functions, so
there may still be some that need to be fixed in future changes.

Unit tests pass.

Summary
Mark rendered output from template tags as safe.
david
  1. Ship It!
  2. 
      
chipx86
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-4.0.x (0a579ab)
Loading...