refactor: Use mark_safe for HTML content in admin views

Updated the admin views in digest_admin, feed_admin, and tag_admin to use mark_safe with format_html for rendering HTML content safely. This change enhances security by ensuring that the HTML is properly marked as safe for rendering. Additionally, modified the status_icon function in modelAdmin_utils to apply the same approach for status icons.

Author: versun

core/admin/digest_admin.py

@@ -241,7 +241,7 @@ def show_tags(self, obj):
             f"<a href='{reverse('admin:core_tag_change', args=[t.id])}'>#{t.name}</a>"
             for t in obj.tags.all()
         )
-        return format_html(tags_html)
+        return format_html("{}", mark_safe(tags_html))
 
     @admin.display(description=_("AI Agent"))
     def summarizer_name(self, obj):

core/admin/feed_admin.py

@@ -273,7 +273,7 @@ def translation_options(self, obj):
             html_content += f"✔️{_('Content')}<br>"
         if obj.summary:
             html_content += f"✔️{_('Summary')}<br>"
-        return format_html(html_content)
+        return format_html("{}", mark_safe(html_content))
 
     @admin.display(description=_("Log"))
     def show_log(self, obj):
@@ -330,7 +330,7 @@ def show_filters(self, obj):
             f"<a href='{reverse('admin:core_filter_change', args=[f.id])}'>{f.name}</a>"
             for f in obj.filters.all()
         )
-        return format_html(filters_html)
+        return format_html("{}", mark_safe(filters_html))
 
     @admin.display(description=_("tags"))
     def show_tags(self, obj):
@@ -340,7 +340,7 @@ def show_tags(self, obj):
             f"<a href='{reverse('admin:core_tag_change', args=[t.id])}'>#{t.name}</a>"
             for t in obj.tags.all()
         )
-        return format_html(tags_html)
+        return format_html("{}", mark_safe(tags_html))
 
 
 core_admin_site.register(Feed, FeedAdmin)

core/admin/tag_admin.py

@@ -1,6 +1,6 @@
 import logging
 from django.contrib import admin
-from django.utils.html import format_html
+from django.utils.html import format_html, mark_safe
 from django.utils.translation import gettext_lazy as _
 from django.urls import reverse
 from core.models import Tag
@@ -33,7 +33,7 @@ def show_filters(self, obj):
             f"<a href='{reverse('admin:core_filter_change', args=[f.id])}'>{f.name}</a>"
             for f in obj.filters.all()
         )
-        return format_html(filters_html)
+        return format_html("{}", mark_safe(filters_html))
 
     @admin.display(description="URL")
     def show_url(self, obj):

utils/modelAdmin_utils.py

@@ -1,4 +1,4 @@
-from django.utils.html import format_html
+from django.utils.html import format_html, mark_safe
 from django.contrib.contenttypes.models import ContentType
 from core.models import OpenAIAgent, DeepLAgent, LibreTranslateAgent, TestAgent
 
@@ -50,11 +50,16 @@ def status_icon(status):
     match status:
         case None:
             return format_html(
-                "<img src='/static/img/icon-loading.svg' alt='In Progress'>"
+                "{}",
+                mark_safe("<img src='/static/img/icon-loading.svg' alt='In Progress'>")
             )
         case True:
             return format_html(
-                "<img src='/static/admin/img/icon-yes.svg' alt='Succeed'>"
+                "{}",
+                mark_safe("<img src='/static/admin/img/icon-yes.svg' alt='Succeed'>")
             )
         case False:
-            return format_html("<img src='/static/admin/img/icon-no.svg' alt='Error'>")
+            return format_html(
+                "{}",
+                mark_safe("<img src='/static/admin/img/icon-no.svg' alt='Error'>")
+            )