    Be more careful with escaping content in datagrids.

    Review Request #9626 — Created Feb. 12, 2018 and submitted

    Information

    Djblets
    master
    33aae98...

    Reviewers

    Datagrids were assuming some content was HTML-safe. This wasn't
    user-provided input, but rather labels passed to columns. While not
    normally a problem, it could be problematic accidentally, depending on
    label content and translations.

    This changes most of the code to use format_html instead of
    mark_safe in several places, helping to protect against mistakes.
    It also adds unit tests for CheckboxColumn, which had the bulk of the
    changes.

    Unit tests pass.

    david
    1. Ship It!
    chipx86
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-1.0.x (529775c)