Version 0.9.0 is out and you should update for security reasons. An XSS bug has been fixed, thanks to Charlie Denton for reporting it. If you are using django-uni-form together with a form field that renders a field's submitted input as part of the error message without sanitizing it, such as ChoiceField, you are vulnerable to it. This is because errors are rendered using
This has been addressed as fast as possible. Fixes for previous versions might come in the near future. The PyPI package has been updated, so you can do:
pip install --upgrade django-uni-form
This is the commit that introduced the security bug; as you can see, it affects version 0.7.0 and later versions.
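To make the bug class concrete, here is an added example (not code from django-uni-form or Django) that mirrors the problem in plain Python. It reuses the wording of Django's ChoiceField "invalid_choice" message, which interpolates the submitted value into the error text, and shows the same error rendered once without escaping and once with html.escape; the choices, the submitted value and the two render functions are constructed for the example. The check at the end is the kind of assertion you would put in a template test to catch unescaped user input reaching the page.

```python
import html
import re

# Wording of Django's ChoiceField "invalid_choice" message: note that the
# submitted value is interpolated verbatim into the error text.
INVALID_CHOICE_MSG = (
    "Select a valid choice. %(value)s is not one of the available choices."
)


def validate_choice(value, choices):
    """Return the error message for an invalid choice, or None if valid.

    Constructed stand-in for ChoiceField validation; the returned message
    carries the raw submitted value, exactly like Django's does.
    """
    if value in choices:
        return None
    return INVALID_CHOICE_MSG % {"value": value}


def render_error_unsafe(error):
    """The vulnerable pattern: the error string is dropped into HTML as-is."""
    return '<p class="errorField">%s</p>' % error


def render_error_escaped(error):
    """The safe pattern: HTML-escape the error before it reaches the template."""
    return '<p class="errorField">%s</p>' % html.escape(error, quote=True)


# Matches any tag start other than our own <p> / </p> wrapper.
FOREIGN_TAG_RE = re.compile(r"<(?!/?p\b)[a-zA-Z]")


def contains_foreign_markup(rendered):
    """Detection check: does rendered output contain markup we did not emit?"""
    return bool(FOREIGN_TAG_RE.search(rendered))


if __name__ == "__main__":
    # Constructed sample: a choice field with two options and a submitted
    # value that is not a choice and carries markup.
    choices = ["red", "blue"]
    err = validate_choice("<b>green</b>", choices)
    print(render_error_unsafe(err))    # markup survives: vulnerable
    print(render_error_escaped(err))   # markup is escaped: safe
    print(contains_foreign_markup(render_error_unsafe(err)))   # True
    print(contains_foreign_markup(render_error_escaped(err)))  # False
```

The same escaping is what Django's template autoescaping gives you for free; the bug class appears whenever an error message is marked safe or emitted through a path that bypasses autoescaping while still containing user-controlled text.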
I want to thank every contributor and user that has made this version rock even more than previous ones.
It has support for show_hidden_initial and for internationalization of Fieldset legends, and the MultiField layout object has fixed markup and has been optimized.
The project has seen several performance tune-ups related to template handling that make it run blazingly fast. Without template caching, django-uni-form now runs only one second slower than the cached version.
All layout objects now have an attribute named template that points to a template file. This template is in charge of how the layout object is rendered, so using your own custom templates for layout objects is not a hassle anymore.
The docs are on their way to being easier to grok for newcomers. New sections have been added that explain some of the new 0.9.0 features and some of the most hidden features of django-uni-form. They now have more examples and use cases that will hopefully resolve some of the most frequently asked questions. For better readability we are now using Kenneth Reitz's kr Sphinx themes, based on the Flask themes, for Read the Docs.
If you have a layout shared by many forms, you will be able to do some neat layout inheritance with it. That will help you stay more DRY.
The helpers.py file has been divided into three different files:
utils.py. You can still import everything using
helpers, but a deprecation warning has been added, so that you can start moving to the new importing structure.
layout holds the
Layout class and layout objects, while
render_field, an internal function used for rendering your django-uni-form layouts.
This is the only way we will be able to maintain the quality of this project and keep up the pace of faster release cycles.