From 1e293bd7277e59c91adf2a1d9157ee00f6c3abd6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89lie=20Bouttier?= <elie@bouttier.eu>
Date: Thu, 2 Oct 2014 18:45:06 +0200
Subject: [PATCH] __str__ must return str so can not return safe str

morever, format_html is recommanded by the doc for that usage.
---
 templates/tracker/issue_details.html | 2 +-
 tracker/models.py                    | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/templates/tracker/issue_details.html b/templates/tracker/issue_details.html
index 79a9bf3..0422336 100644
--- a/templates/tracker/issue_details.html
+++ b/templates/tracker/issue_details.html
@@ -34,7 +34,7 @@
       <div class="panel-heading">
         <span class="badge"><span class="glyphicon glyphicon-{{ event.glyphicon }}"></span></span>
         &#160;
-        <a href="{% same_author event.author %}"><b>{{ event.author}}</b></a> {{ event }} {{ event.date|naturaltime }}
+        <a href="{% same_author event.author %}"><b>{{ event.author}}</b></a> {{ event|safe }} {{ event.date|naturaltime }}
         {% if event.code == event.DESCRIBE %}
         <div class="pull-right">
           {% if perm.delete_issue %}
diff --git a/tracker/models.py b/tracker/models.py
index 8a97b0b..fc6366e 100644
--- a/tracker/models.py
+++ b/tracker/models.py
@@ -1,7 +1,7 @@
 from django.db import models
 from django.core.validators import RegexValidator
 from django.utils.safestring import mark_safe
-from django.utils.html import escape
+from django.utils.html import escape, format_html
 from django.utils.encoding import python_2_unicode_compatible
 from django import VERSION
 
@@ -359,10 +359,7 @@ class Event(models.Model):
         else:
             return None
 
-        # Escape args
-        safe_args = {k: escape(v) for k, v in args.items()}
-
-        return mark_safe(description.format(**safe_args))
+        return format_html(description, **args)
 
 
 if VERSION < (1, 7):