encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-10-26 05:31:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use format_html in tags that generate HTML

Browse Source
This commit is contained in:
José Padilla 2015-10-25 08:19:37 -04:00 committed by José Padilla
parent af5474f9b3
commit 21cad8646a
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
rest_framework/templatetags/rest_framework.py
View File

@ -7,7 +7,7 @@ from django.core.urlresolvers import NoReverseMatch, reverse
from django.template import Context, loader
from django.utils import six
from django.utils.encoding import force_text, iri_to_uri
from django.utils.html import escape, smart_urlquote
from django.utils.html import escape, format_html, smart_urlquote
from django.utils.safestring import SafeData, mark_safe
from rest_framework.renderers import HTMLFormRenderer
@ -48,7 +48,8 @@ def optional_login(request):
return ''
snippet = "<li><a href='{href}?next={next}'>Log in</a></li>"
snippet = snippet.format(href=login_url, next=escape(request.path))
snippet = format_html(snippet, href=login_url, next=escape(request.path))
return mark_safe(snippet)
@ -71,7 +72,8 @@ def optional_logout(request, user):
<li><a href='{href}?next={next}'>Log out</a></li>
</ul>
</li>"""
snippet = snippet.format(user=escape(user), href=logout_url, next=escape(request.path))
snippet = format_html(snippet, user=escape(user), href=logout_url, next=escape(request.path))
return mark_safe(snippet)