flake8
passed.
JSHint
passed.
Review Request #9626 — Created Feb. 12, 2018 and submitted
Datagrids were assuming some content was HTML-safe. This wasn't
user-provided input, but rather labels passed to columns. While not
normally a problem, it could be problematic accidentally, depending on
label content and translations.This changes most of the code to use
format_html
instead of
mark_safe
in several places, helping to protect against mistakes.
It also adds unit tests forCheckboxColumn
, which had the bulk of the
changes.
Unit tests pass.