Re: [Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-12 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
-+-
 Reporter:  bmispelon|Owner:  bmispelon
 Type:  Bug  |   Status:  closed
Component:  Documentation|  Version:  1.5
 Severity:  Release blocker  |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Claude Paroz ):

 In [changeset:"9c49e64b66994ff25980d9d0d21ce3599b17cc4b"]:
 {{{
 #!CommitTicketReference repository=""
 revision="9c49e64b66994ff25980d9d0d21ce3599b17cc4b"
 [1.5.x] Fixed #20211: Document backwards-incompatible change in
 BoundField.label_tag

 Also cleaned up label escaping and consolidated the test suite regarding
 label_tag.
 Backport of ab686022f from master.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-12 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
-+-
 Reporter:  bmispelon|Owner:  bmispelon
 Type:  Bug  |   Status:  closed
Component:  Documentation|  Version:  1.5
 Severity:  Release blocker  |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Claude Paroz ):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"ab686022f8619b57e7f851fb2ce8617583d70d8d"]:
 {{{
 #!CommitTicketReference repository=""
 revision="ab686022f8619b57e7f851fb2ce8617583d70d8d"
 Fixed #20211: Document backwards-incompatible change in
 BoundField.label_tag

 Also cleaned up label escaping and consolidated the test suite regarding
 label_tag.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-11 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
-+-
 Reporter:  bmispelon|Owner:  bmispelon
 Type:  Bug  |   Status:  new
Component:  Documentation|  Version:  1.5
 Severity:  Release blocker  |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by bmispelon):

 After a comment from claudep, I removed the accidental fix for the
 regression.

 The regression will be fixed with #20221 by fixing `conditional_escape`
 which is the root cause of this bug.

 I've also added some more test for when a field as no id, which triggers a
 different code path in `label_tag` which wasn't tested before.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-08 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
-+-
 Reporter:  bmispelon|Owner:  bmispelon
 Type:  Bug  |   Status:  new
Component:  Documentation|  Version:  1.5
 Severity:  Release blocker  |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by bmispelon):

 * severity:  Normal => Release blocker
 * stage:  Ready for checkin => Accepted


Comment:

 I've discovered that the PR also inadvertently fixes a regression between
 1.4 and 1.5, where the label was escaped twice if it's a lazily-translated
 string (from ugettext_lazy).

 I've added another test to check for that behavior so I'm removing the RFC
 status.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-06 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
-+-
 Reporter:  bmispelon|Owner:  bmispelon
 Type:  Bug  |   Status:  new
Component:  Documentation|  Version:  1.5
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Ready for
Has patch:  1|  checkin
  Needs tests:  0|  Needs documentation:  0
Easy pickings:  0|  Patch needs improvement:  0
 |UI/UX:  0
-+-
Changes (by claudep):

 * stage:  Unreviewed => Ready for checkin


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-06 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
---+--
 Reporter:  bmispelon  |Owner:  bmispelon
 Type:  Bug|   Status:  new
Component:  Documentation  |  Version:  1.5
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+--
Changes (by bmispelon):

 * needs_better_patch:   => 0
 * has_patch:  0 => 1
 * component:  Forms => Documentation
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 Well it turned out the behavior is intended, since the docstring of the
 method now reads:
 {{{
 contents should be 'mark_safe'd to avoid HTML escaping.
 }}}

 So I made a pull request that adds a note in the backwards-incompatible
 changes of the 1.5 release notes.

 I also added some tests for the `label_tag` functionalities (it didn't
 seem to be tested very much) and removed a call to `conditional_escape`
 that was not needed since everything gets escaped by `format_html` later
 on.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Django] #20211: BoundField.label_tag now always escapes its `contents` parameter.

2013-04-06 Thread Django 
#20211: BoundField.label_tag now always escapes its `contents` parameter.
+---
 Reporter:  bmispelon   |  Owner:  bmispelon
 Type:  Bug | Status:  new
Component:  Forms   |Version:  1.5
 Severity:  Normal  |   Keywords:
 Triage Stage:  Unreviewed  |  Has patch:  0
Easy pickings:  0   |  UI/UX:  0
+---
 This behavior changed between 1.4 and 1.5:

 {{{
 #!python
 class FooForm(forms.Form):
 foo = forms.CharField()

 print FooForm().foo.label_tag('')
 }}}

 In 1.4, the output of the previous code was this:
 {{{
 #!python
 
 }}}

 In 1.5, we get this:
 {{{
 #!python
 asdf
 }}}

 This was changed by commit a92e7f37c4ae84b6b8d8016cc6783211e9047219.

 I think the original intention was to **not** escape the content if it was
 provided, as indicated by the first line of the method
 (https://github.com/django/django/blob/master/django/forms/forms.py#L522):
 {{{
 #!python
 contents = contents or conditional_escape(self.label)
 }}}

 This conditional escape is rendered moot by the use of `format_html` later
 on (introduced by the commit I linked above), which escapes everything
 anyway.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.