1717from django .urls import reverse
1818from django .forms import ValidationError , ModelForm
1919from django .http import HttpResponseRedirect
20- from django .utils .html import escape
20+ from django .utils .html import escape , format_html
21+ from django .utils .safestring import mark_safe
2122from django_ace import AceWidget
2223from django_object_actions import DjangoObjectActions
2324from . import models
@@ -140,19 +141,25 @@ class InlineApiKeyAdmin(admin.StackedInline):
140141
141142 def permissions_list (self , instance ):
142143 if instance .pk :
143- return '<ul>%s</ul>' % '' .join (['<li>%s</li>' % (escape (permission ),) for permission in instance .permissions .all ()])
144+ return format_html (
145+ '<ul>{}</ul>' ,
146+ mark_safe ('' .join ([
147+ format_html ('<li>{}</li>' , escape (permission ))
148+ for permission in instance .permissions .all ()
149+ ]))
150+ )
144151 else :
145152 return ''
146153
147154 def edit_url (self , instance ):
148155 if instance .pk is None :
149156 return '(You must save your dataset before you can edit the permissions on your API key.)'
150157 else :
151- return (
152- '<a href="%s"><strong>Edit permissions</strong></a>' % (reverse ('admin:sa_api_v2_apikey_change' , args = [instance .pk ]))
153- + self .permissions_list (instance )
158+ return format_html (
159+ '<a href="{}"><strong>Edit permissions</strong></a>{}' ,
160+ reverse ('admin:sa_api_v2_apikey_change' , args = [instance .pk ]),
161+ self .permissions_list (instance )
154162 )
155- edit_url .allow_tags = True
156163
157164
158165class InlineOriginAdmin (admin .StackedInline ):
@@ -164,19 +171,25 @@ class InlineOriginAdmin(admin.StackedInline):
164171
165172 def permissions_list (self , instance ):
166173 if instance .pk :
167- return '<ul>%s</ul>' % '' .join (['<li>%s</li>' % (escape (permission ),) for permission in instance .permissions .all ()])
174+ return format_html (
175+ '<ul>{}</ul>' ,
176+ mark_safe ('' .join ([
177+ format_html ('<li>{}</li>' , escape (permission ))
178+ for permission in instance .permissions .all ()
179+ ]))
180+ )
168181 else :
169182 return ''
170183
171184 def edit_url (self , instance ):
172185 if instance .pk is None :
173186 return '(You must save your dataset before you can edit the permissions on your origin.)'
174187 else :
175- return (
176- '<a href="%s"><strong>Edit permissions</strong></a>' % (reverse ('admin:sa_api_v2_origin_change' , args = [instance .pk ]))
177- + self .permissions_list (instance )
188+ return format_html (
189+ '<a href="{}"><strong>Edit permissions</strong></a>{}' ,
190+ reverse ('admin:sa_api_v2_origin_change' , args = [instance .pk ]),
191+ self .permissions_list (instance )
178192 )
179- edit_url .allow_tags = True
180193
181194
182195class InlineGroupAdmin (admin .StackedInline ):
@@ -187,19 +200,25 @@ class InlineGroupAdmin(admin.StackedInline):
187200
188201 def permissions_list (self , instance ):
189202 if instance .pk :
190- return '<ul>%s</ul>' % '' .join (['<li>%s</li>' % (escape (permission ),) for permission in instance .permissions .all ()])
203+ return format_html (
204+ '<ul>{}</ul>' ,
205+ mark_safe ('' .join ([
206+ format_html ('<li>{}</li>' , escape (permission ))
207+ for permission in instance .permissions .all ()
208+ ]))
209+ )
191210 else :
192211 return ''
193212
194213 def edit_url (self , instance ):
195214 if instance .pk is None :
196215 return '(You must save your dataset before you can edit the permissions on your API key.)'
197216 else :
198- return (
199- '<a href="%s"><strong>Edit permissions</strong></a>' % (reverse ('admin:sa_api_v2_group_change' , args = [instance .pk ]))
200- + self .permissions_list (instance )
217+ return format_html (
218+ '<a href="{}"><strong>Edit permissions</strong></a>{}' ,
219+ reverse ('admin:sa_api_v2_group_change' , args = [instance .pk ]),
220+ self .permissions_list (instance )
201221 )
202- edit_url .allow_tags = True
203222
204223
205224class InlineDataSetPermissionAdmin (admin .TabularInline ):
@@ -266,13 +285,11 @@ def clone_dataset(self, request, obj):
266285 def places (self , instance ):
267286 path = '/admin/sa_api_v2/place/?dataset={}'
268287 path = path .format (instance .slug )
269- return '<a href="{0}">{0}</a>' .format (path )
270- places .allow_tags = True
288+ return format_html ('<a href="{0}">{0}</a>' , path )
271289
272290 def api_path (self , instance ):
273291 path = reverse ('dataset-detail' , args = [instance .owner , instance .slug ])
274- return '<a href="{0}">{0}</a>' .format (path )
275- api_path .allow_tags = True
292+ return format_html ('<a href="{0}">{0}</a>' , path )
276293
277294 def get_queryset (self , request ):
278295 qs = super (DataSetAdmin , self ).get_queryset (request )
@@ -303,8 +320,7 @@ class PlaceAdmin(SubmittedThingAdmin):
303320
304321 def api_path (self , instance ):
305322 path = reverse ('place-detail' , args = [instance .dataset .owner , instance .dataset .slug , instance .id ])
306- return '<a href="{0}">{0}</a>' .format (path )
307- api_path .allow_tags = True
323+ return format_html ('<a href="{0}">{0}</a>' , path )
308324
309325
310326class SubmissionAdmin (SubmittedThingAdmin ):
@@ -327,8 +343,7 @@ def place(self, obj):
327343
328344 def api_path (self , instance ):
329345 path = reverse ('submission-detail' , args = [instance .dataset .owner , instance .dataset .slug , instance .place .id , instance .set_name , instance .id ])
330- return '<a href="{0}">{0}</a>' .format (path )
331- api_path .allow_tags = True
346+ return format_html ('<a href="{0}">{0}</a>' , path )
332347
333348
334349class ActionAdmin (admin .ModelAdmin ):
0 commit comments