diff --git a/orchestra/admin/utils.py b/orchestra/admin/utils.py
index ccf22b49..764edf84 100644
--- a/orchestra/admin/utils.py
+++ b/orchestra/admin/utils.py
@@ -10,7 +10,7 @@ from django.urls import reverse, NoReverseMatch
from django.db import models
from django.shortcuts import redirect
from django.utils import timezone
-from django.utils.html import escape
+from django.utils.html import escape, format_html
from django.utils.safestring import mark_safe
from orchestra.models.utils import get_field_value
@@ -158,7 +158,7 @@ def admin_date(*args, **kwargs):
date = date.strftime("%Y-%m-%d %H:%M:%S %Z")
else:
date = date.strftime("%Y-%m-%d")
- return '{1}'.format(date, escape(natural))
+ return format_html('{1}', date, natural)
def get_object_from_url(modeladmin, request):
diff --git a/orchestra/contrib/accounts/admin.py b/orchestra/contrib/accounts/admin.py
index 2008fb6b..a046a4a5 100644
--- a/orchestra/contrib/accounts/admin.py
+++ b/orchestra/contrib/accounts/admin.py
@@ -207,6 +207,7 @@ class AccountAdminMixin(object):
account = None
list_select_related = ('account',)
+ @mark_safe
def display_active(self, instance):
if not instance.is_active:
return '' % static('admin/img/icon-no.svg')
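Review bot: `@mark_safe` on `display_active` marks every string the method returns as trusted, so nothing interpolated with `%` in its body is auto-escaped by the admin; the visible branch only interpolates `static(...)`, but the method body continues outside the hunk. The same decorator is added to `display_total`, `display_total_with_subtotals` and `display_payment_state` in bills/admin.py and to `display_domains` in websites/admin.py, and none of those bodies is fully visible. If any of them interpolate model data (the domain loop in `display_domains` looks like the likeliest case), each value needs `escape()`, or the return should be built with `format_html(...)` / `format_html_join(...)` as this commit already does for `BillAdmin.display_total`. At minimum, add a comment under each decorator such as `# mark_safe: every value interpolated below must be escaped explicitly`.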
diff --git a/orchestra/contrib/bills/admin.py b/orchestra/contrib/bills/admin.py
index 560819c8..c7c4fc43 100644
--- a/orchestra/contrib/bills/admin.py
+++ b/orchestra/contrib/bills/admin.py
@@ -7,6 +7,7 @@ from django.db import models
from django.db.models import F, Sum, Prefetch
from django.db.models.functions import Coalesce
from django.templatetags.static import static
+from django.utils.html import format_html
from django.utils.safestring import mark_safe
from django.utils.translation import ugettext_lazy as _
from django.shortcuts import redirect
@@ -67,6 +68,7 @@ class BillLineInline(admin.TabularInline):
order_link = admin_link('order', display='pk')
+ @mark_safe
def display_total(self, line):
if line.pk:
total = line.compute_total()
@@ -242,6 +244,7 @@ class BillLineManagerAdmin(BillLineAdmin):
class BillAdminMixin(AccountAdminMixin):
+ @mark_safe
def display_total_with_subtotals(self, bill):
if bill.pk:
currency = settings.BILLS_CURRENCY.lower()
@@ -255,6 +258,7 @@ class BillAdminMixin(AccountAdminMixin):
display_total_with_subtotals.short_description = _("total")
display_total_with_subtotals.admin_order_field = 'approx_total'
+ @mark_safe
def display_payment_state(self, bill):
if bill.pk:
t_opts = bill.transactions.model._meta
@@ -376,7 +380,7 @@ class BillAdmin(BillAdminMixin, ExtendedModelAdmin):
def display_total(self, bill):
currency = settings.BILLS_CURRENCY.lower()
- return '%s &%s;' % (bill.compute_total(), currency)
+ return format_html('{} &{};', bill.compute_total(), currency)
display_total.allow_tags = True
display_total.short_description = _("total")
display_total.admin_order_field = 'approx_total'
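Review bot: `display_total.allow_tags = True` is left in place even though the method now returns a `format_html` safe string. `allow_tags` was deprecated in Django 1.9 and removed in 2.0, so the attribute has no effect and wrongly suggests that escaping is controlled there. Drop that line here and the matching `type_link.allow_tags = True` in the next hunk. Since `'{} &{};'` turns `settings.BILLS_CURRENCY` into an HTML entity reference, a one-line comment such as `# BILLS_CURRENCY is rendered as an HTML entity name` above the return would also help.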
@@ -384,7 +388,7 @@ class BillAdmin(BillAdminMixin, ExtendedModelAdmin):
def type_link(self, bill):
bill_type = bill.type.lower()
url = reverse('admin:bills_%s_changelist' % bill_type)
- return '%s' % (url, bill.get_type_display())
+ return format_html('{}', url, bill.get_type_display())
type_link.allow_tags = True
type_link.short_description = _("type")
type_link.admin_order_field = 'type'
diff --git a/orchestra/contrib/websites/admin.py b/orchestra/contrib/websites/admin.py
index fc54b4bc..8e597d86 100644
--- a/orchestra/contrib/websites/admin.py
+++ b/orchestra/contrib/websites/admin.py
@@ -3,6 +3,7 @@ from django.contrib import admin
from django.urls import resolve
from django.db.models import Q
from django.utils.encoding import force_text
+from django.utils.safestring import mark_safe
from django.utils.translation import ugettext_lazy as _
from orchestra.admin import ExtendedModelAdmin
@@ -78,6 +79,7 @@ class WebsiteAdmin(SelectAccountAdminMixin, ExtendedModelAdmin):
search_fields = ('name', 'account__username', 'domains__name', 'content__webapp__name')
actions = (disable, enable, list_accounts)
+ @mark_safe
def display_domains(self, website):
domains = []
for domain in website.domains.all():