Be more careful with escaping content in datagrids.

Review Request #9626 - Created Feb. 12, 2018 and submitted

Christian Hammond
Djblets
master
33aae98...
djblets

Datagrids were assuming some content was HTML-safe. This wasn't
user-provided input, but rather labels passed to columns. While not
normally a problem, it could be problematic accidentally, depending on
label content and translations.

This changes most of the code to use format_html instead of
mark_safe in several places, helping to protect against mistakes.
It also adds unit tests for CheckboxColumn, which had the bulk of the
changes.

Unit tests pass.

David Trowbridge
  1. Ship It!
  2. 
      
Christian Hammond
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-1.0.x (529775c)
Loading...