    Correctly handle safety in TemplateHooks, extension bundles, privacy widget.

    Review Request #10643 — Created July 23, 2019 and submitted

    Information

    Djblets
    release-2.0.x
    f70af0b...

    Reviewers

    Django 1.6 trusted strings coming from template tags, meaning that it
    wouldn't escape any content returned. In modern versions, it no longer
    trusts unless the string is marked as safe. This broke TemplateHook
    rendering and CSS/JS bundles for extensions.

    We no longer naively join strings. Instead, we use format_html_join to
    merge together any results in a way that guarantees safety of input
    strings and the resulting string. This shouldn't impact any extensions,
    unless they have a custom TemplateHook that overrides rendering in a
    way that does not use templates (in which case, they'll have to update
    their code accordingly).

    MultiConsentRequirementsWidget has also received the same update,
    though it didn't actually have a problem before, as widgets return safe
    content. However, if a custom widget were used that did not, it would
    benefit from this as well.

    Unit tests pass for Django 1.6 and 1.11.
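To illustrate the contract the description relies on, here is an added, self-contained Python model (not Djblets or Django code) of Django's safe-string behaviour. `SafeString`, `mark_safe`, `conditional_escape` and `format_html_join` are simplified stand-ins for the `django.utils.safestring` / `django.utils.html` functions of the same names, `autoescape_render` stands in for what a template does with `{{ value }}`, and the two hook outputs are constructed sample values. It shows why a plain `''.join` of hook output is escaped wholesale by a modern autoescaping engine, while a `format_html_join` style merge escapes only the untrusted piece and returns a string the engine will not escape again.

```python
"""Minimal model of Django's safe-string contract (added illustration,
not Djblets or Django code). The names below mirror django.utils.safestring
and django.utils.html but are simplified stand-ins implemented here."""
import html


class SafeString(str):
    """A str subclass that an autoescaping template engine emits verbatim."""
    __slots__ = ()


def mark_safe(s):
    """Wrap a value so the engine treats it as already escaped."""
    return s if isinstance(s, SafeString) else SafeString(s)


def conditional_escape(s):
    """Escape unless the value is already marked safe (Django semantics)."""
    if isinstance(s, SafeString):
        return s
    return SafeString(html.escape(str(s), quote=True))


def format_html_join(sep, format_string, args_generator):
    """Escape every argument, format each row, join, and mark the result safe.

    Mirrors the shape of django.utils.html.format_html_join: args_generator
    yields one tuple of format arguments per row.
    """
    return mark_safe(conditional_escape(sep).join(
        format_string.format(*(conditional_escape(a) for a in args))
        for args in args_generator))


def autoescape_render(value):
    """What the template engine does when it outputs {{ value }}."""
    return str(conditional_escape(value))


# Constructed sample hook output: the first hook rendered a template (so it is
# already safe); the second is a custom hook returning a raw, unmarked string
# that happens to carry user-controlled markup.
HOOK_OUTPUTS = [
    mark_safe('<div class="hook">from a template</div>'),
    '<script>alert("x")</script>',  # not marked safe: must be escaped
]


def render_hooks_naively(outputs):
    """Old behaviour: str.join returns a plain str, so the safe marker is lost
    and the engine escapes the whole thing, including the template's HTML."""
    return ''.join(outputs)


def render_hooks_safely(outputs):
    """New behaviour: each piece is conditionally escaped and the merged
    result is marked safe, so it survives autoescaping unchanged."""
    return format_html_join('', '{0}', ((o,) for o in outputs))
```

`render_hooks_naively` reproduces the breakage: the engine sees a plain `str` and escapes it, so the template-rendered `<div>` arrives in the page as literal text. `render_hooks_safely` leaves the safe piece intact, escapes the raw piece, and returns a `SafeString` that `autoescape_render` passes through as-is, which is the guarantee the description is after for both TemplateHook output and extension CSS/JS bundles.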

    david
    1. Ship It!
    chipx86
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-2.0.x (080996b)