magic-removal: Merged to [1982]

git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@1983 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/admin/templatetags/admin_list.py

@@ -5,7 +5,7 @@ from django import template
 from django.core.exceptions import ObjectDoesNotExist
 from django.db import models
 from django.utils import dateformat
-from django.utils.html import strip_tags, escape
+from django.utils.html import escape
 from django.utils.text import capfirst
 from django.utils.translation import get_date_formats
 from django.conf.settings import ADMIN_MEDIA_PREFIX
@@ -123,7 +123,7 @@ def items_for_result(cl, result):
                 # Strip HTML tags in the resulting text, except if the
                 # function has an "allow_tags" attribute set to True.
                 if not getattr(func, 'allow_tags', False):
-                    result_repr = strip_tags(result_repr)
+                    result_repr = escape(result_repr)
         else:
             field_val = getattr(result, f.attname)
 
@@ -164,7 +164,7 @@ def items_for_result(cl, result):
             elif f.choices:
                 result_repr = dict(f.choices).get(field_val, EMPTY_CHANGELIST_VALUE)
             else:
-                result_repr = strip_tags(str(field_val))
+                result_repr = escape(str(field_val))
         if result_repr == '':
                 result_repr = ' '
         if first: # First column is a special case

django/contrib/admin/views/main.py

@@ -9,7 +9,7 @@ from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, Per
 from django.template import RequestContext as Context
 from django.core.extensions import get_object_or_404, render_to_response
 from django.utils import dateformat
-from django.utils.html import escape, strip_tags
+from django.utils.html import escape
 from django.http import HttpResponse, HttpResponseRedirect
 from django.utils.text import capfirst, get_text_list
 import operator

django/contrib/admin/views/stages/delete.py

@@ -3,7 +3,7 @@ from django.contrib.admin.views.main import get_model_and_app
 from django.core.extensions import get_object_or_404,render_to_response
 from django.template import RequestContext as Context
 from django.utils.text import capfirst
-from django.utils.html import escape, strip_tags
+from django.utils.html import escape
 from django.db import models
 try:
     from django.contrib.admin.models import LogEntry, ADDITION, CHANGE, DELETION
@@ -57,11 +57,11 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current
                 if related.field.rel.edit_inline or not related.opts.admin:
                     # Don't display link to edit, because it either has no
                     # admin or is edited inline.
-                    nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), strip_tags(str(sub_obj))), []])
+                    nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), escape(str(sub_obj))), []])
                 else:
                     # Display a link to the admin page.
                     nh(deleted_objects, current_depth, ['%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
-                        (capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), strip_tags(str(sub_obj))), []])
+                        (capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), escape(str(sub_obj))), []])
                 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
             # If there were related objects, and the user doesn't have
             # permission to delete them, add the missing perm to perms_needed.
@@ -81,13 +81,13 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current
                 # Don't display link to edit, because it either has no
                 # admin or is edited inline.
                 nh(deleted_objects, current_depth, [_('One or more %(fieldname)s in %(name)s: %(obj)s') % \
-                    {'fieldname': related.field.name, 'name': related.opts.verbose_name, 'obj': strip_tags(str(sub_obj))}, []])
+                    {'fieldname': related.field.name, 'name': related.opts.verbose_name, 'obj': escape(str(sub_obj))}, []])
             else:
                 # Display a link to the admin page.
                 nh(deleted_objects, current_depth, [
                     (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': related.field.name, 'name':related.opts.verbose_name}) + \
                     (' <a href="../../../../%s/%s/%s/">%s</a>' % \
-                        (related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), strip_tags(str(sub_obj)))), []])
+                        (related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), escape(str(sub_obj)))), []])
         # If there were related objects, and the user doesn't have
         # permission to change them, add the missing perm to perms_needed.
         if related.opts.admin and has_related_objs:
@@ -106,7 +106,7 @@ def delete_stage(request, path, object_id):
 
     # Populate deleted_objects, a data structure of all related objects that
     # will also be deleted.
-    deleted_objects = ['%s: <a href="../../%s/">%s</a>' % (capfirst(opts.verbose_name), object_id, strip_tags(str(obj))), []]
+    deleted_objects = ['%s: <a href="../../%s/">%s</a>' % (capfirst(opts.verbose_name), object_id, escape(str(obj))), []]
     perms_needed = sets.Set()
     _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1)