__str__ must return str so can not return safe str

morever, format_html is recommanded by the doc for that usage.
2014-10-02 18:45:06 +02:00 · 2014-10-02 18:45:06 +02:00 · 1e293bd727
commit 1e293bd727
parent 78b2967e19
2 changed files with 3 additions and 6 deletions
--- a/templates/tracker/issue_details.html
+++ b/templates/tracker/issue_details.html
@ -34,7 +34,7 @@
      <div class="panel-heading">
        <span class="badge"><span class="glyphicon glyphicon-{{ event.glyphicon }}"></span></span>
        &#160;
-        <a href="{% same_author event.author %}"><b>{{ event.author}}</b></a> {{ event }} {{ event.date|naturaltime }}
+        <a href="{% same_author event.author %}"><b>{{ event.author}}</b></a> {{ event|safe }} {{ event.date|naturaltime }}
        {% if event.code == event.DESCRIBE %}
        <div class="pull-right">
          {% if perm.delete_issue %}
--- a/tracker/models.py
+++ b/tracker/models.py
@ -1,7 +1,7 @@
 from django.db import models
 from django.core.validators import RegexValidator
 from django.utils.safestring import mark_safe
-from django.utils.html import escape
+from django.utils.html import escape, format_html
 from django.utils.encoding import python_2_unicode_compatible
 from django import VERSION

@ -359,10 +359,7 @@ class Event(models.Model):
        else:
            return None

-        # Escape args
-        safe_args = {k: escape(v) for k, v in args.items()}
-
-        return mark_safe(description.format(**safe_args))
+        return format_html(description, **args)


 if VERSION < (1, 7):