Mark safe for admin form's html content (#542)

jxltom · auvipy · commit ba6a39eea4b5 · 2018-03-23T12:56:19.000+06:00
diff --git a/djcelery/admin.py b/djcelery/admin.py
@@ -10,7 +10,7 @@
 from django.forms.widgets import Select
 from django.shortcuts import render_to_response
 from django.template import RequestContext
-from django.utils.html import escape
+from django.utils.html import escape, format_html, mark_safe
 from django.utils.translation import ugettext_lazy as _
 
 from celery import current_app
@@ -55,37 +55,41 @@ def __init__(self, *args, **kwargs):
 def colored_state(task):
     state = escape(task.state)
     color = TASK_STATE_COLORS.get(task.state, 'black')
-    return '<b><span style="color: {0};">{1}</span></b>'.format(color, state)
+    return format_html(
+        '<b><span style="color: {0};">{1}</span></b>', color, state
+    )
 
 
 @display_field(_('state'), 'last_heartbeat')
 def node_state(node):
     state = node.is_alive() and 'ONLINE' or 'OFFLINE'
     color = NODE_STATE_COLORS[state]
-    return '<b><span style="color: {0};">{1}</span></b>'.format(color, state)
+    return format_html(
+        '<b><span style="color: {0};">{1}</span></b>', color, state
+    )
 
 
 @display_field(_('ETA'), 'eta')
 def eta(task):
     if not task.eta:
-        return '<span style="color: gray;">none</span>'
+        return mark_safe('<span style="color: gray;">none</span>')
     return escape(make_aware(task.eta))
 
 
 @display_field(_('when'), 'tstamp')
 def tstamp(task):
     # convert to local timezone
     value = make_aware(task.tstamp)
-    return '<div title="{0}">{1}</div>'.format(
-        escape(str(value)), escape(naturaldate(value)),
+    return format_html(
+        '<div title="{0}">{1}</div>', str(value), naturaldate(value)
     )
 
 
 @display_field(_('name'), 'name')
 def name(task):
     short_name = abbrtask(task.name, 16)
-    return '<div title="{0}"><b>{1}</b></div>'.format(
-        escape(task.name), escape(short_name),
+    return format_html(
+        '<div title="{0}"><b>{1}</b></div>', task.name, short_name
     )
 
 
diff --git a/djcelery/admin_utils.py b/djcelery/admin_utils.py
@@ -2,7 +2,7 @@
 
 from pprint import pformat
 
-from django.utils.html import escape
+from django.utils.html import format_html, mark_safe
 
 FIXEDWIDTH_STYLE = '''\
 <span title="{0}" style="font-size: {1}pt; \
@@ -43,8 +43,6 @@ def f(task):
 
         if len(shortval) > maxlen:
             shortval = shortval[:maxlen] + '...'
-        styled = FIXEDWIDTH_STYLE.format(
-            escape(val[:255]), pt, escape(shortval),
-        )
-        return styled.replace('|br/|', '<br/>')
+        styled = format_html(FIXEDWIDTH_STYLE, val[:255], pt, shortval)
+        return mark_safe(styled.replace('|br/|', '<br/>'))
     return f
