Summary

Mark HTML row data as safe in repository admin list.

Review Request #12107 — Created March 7, 2022 and submitted March 7, 2022, 4:50 p.m.

Information

Owner

david

Repository

Review Board

Branch

release-5.0.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

The list of repositories in the admin includes one column which contains
HTML, for the "Hooks" and "RBTools Setup" buttons. The new version of
Django was escaping these because the old allow_tags property has been
removed. This can be solved by marking the content as safe first.

Testing Done

Looked at repository list and saw buttons instead of HTML.

Commits

Summary	ID
Mark HTML row data as safe in repository admin list. The list of repositories in the admin includes one column which contains HTML, for the "Hooks" and "RBTools Setup" buttons. The new version of Django was escaping these because the old `allow_tags` property has been removed. This can be solved by marking the content as safe first. Testing Done: Looked at repository list and saw buttons instead of HTML.	cd5740fd1cd22a857ac70211484ae69393cdf39f

Summary

Mark HTML row data as safe in repository admin list.

The list of repositories in the admin includes one column which contains HTML, for the "Hooks" and "RBTools Setup" buttons. The new version of Django was escaping these because the old `allow_tags` property has been removed. This can be solved by marking the content as safe first. Testing Done: Looked at repository list and saw buttons instead of HTML.

cd5740fd1cd22a857ac70211484ae69393cdf39f

Issues

Description	From	Last Updated
You can get rid of allow_tags. It was deprecated, and is the reason this regressed. We should audit Djblet and …	chipx86	March 7, 2022, 2:44 p.m.

flake8 passed.

JSHint passed.

reviewboard/scmtools/admin.py (Diff revision 1)

The issue has been resolved. Show all issues

You can get rid of allow_tags. It was deprecated, and is the reason this regressed.

We should audit Djblet and RB for this.

david March 7, 2022, 2:45 p.m.

Looks like the only other place we use allow_tags is in the screenshot model, and that method is already returning format_html(...)

Description:

		The list of repositories in the admin includes one column which contains
		HTML, for the "Hooks" and "RBTools Setup" buttons. The new version of
~		Django was escaping these, which can be solved by marking the content as
~		safe first.
	~	Django was escaping these because the old `allow_tags` property has been
	~	removed. This can be solved by marking the content as safe first.

Commits:

	Summary	ID
	Mark HTML row data as safe in repository admin list. The list of repositories in the admin includes one column which contains HTML, for the "Hooks" and "RBTools Setup" buttons. The new version of Django was escaping these, which can be solved by marking the content as safe first. Testing Done: Looked at repository list and saw buttons instead of HTML.	4e23d415d57752303ed33a03a5e295026da77a7f
	Mark HTML row data as safe in repository admin list. The list of repositories in the admin includes one column which contains HTML, for the "Hooks" and "RBTools Setup" buttons. The new version of Django was escaping these because the old `allow_tags` property has been removed. This can be solved by marking the content as safe first. Testing Done: Looked at repository list and saw buttons instead of HTML.	cd5740fd1cd22a857ac70211484ae69393cdf39f

Diff:

Revision 2 (+16 -10)

Show changes

	reviewboard/reviews/models/screenshot.py
	reviewboard/scmtools/admin.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to django-3.2 (530dd7b)