Django admin escapes sharable urls

[tartieret]

Bug description

In the admin portal, django escape the sharable url for all blog posts, so the display looks like this:

Instead, this page should display a clickable html link for each blog post.

This issue is caused by using a readonly field in the PostAdmin class, without marking the html string as "safe".

pinax-blog/pinax/blog/admin.py

Line 60 in b6d8755

return '<a href="{}">{}</a>'.format(obj.sharable_url, obj.sharable_url)

Step to reproduce

Create a new post through the admin portal, then visit the list of blog posts.

Additional context
Using django 3.1 but the problem exists with other versions of Django

Solution

The fix is easy, we just have to mark the html as safe to be displayed, using:

from django.utils.safestring import mark_safe

def show_secret_share_url(self, obj):
     return mark_safe( '<a href="{}">{}</a>'.format(obj.sharable_url, obj.sharable_url))

I am happy to submit a pull request to fix it, but is this project still maintained? it shows very little recent activity. More generally speaking, this package perfectly fits my need for a current project, so I am happy to spend some time on it if you are looking for maintainers.