Use html_format instead of mark_safe + format (#11086)

* Use html_format instead of mark_safe + format

This isn't a security issue, but it's a good practice to use
html_format.

* Format

Author: stsewd

readthedocs/integrations/admin.py

@@ -2,6 +2,7 @@
 
 from django import urls
 from django.contrib import admin
+from django.utils.html import format_html
 from django.utils.safestring import mark_safe
 from pygments.formatters import HtmlFormatter
 
@@ -110,11 +111,10 @@ def exchanges(self, obj):
                 HttpExchange._meta.model_name,
             ),
         )
-        return mark_safe(
-            '<a href="{}?{}={}">{} HTTP transactions</a>'.format(
-                url,
-                "integrations__pk",
-                obj.pk,
-                obj.exchanges.count(),
-            ),
+        return format_html(
+            '<a href="{}?{}={}">{} HTTP transactions</a>',
+            url,
+            "integrations__pk",
+            obj.pk,
+            obj.exchanges.count(),
         )

readthedocs/projects/validators.py

@@ -7,7 +7,7 @@
 from django.core.exceptions import ValidationError
 from django.core.validators import RegexValidator
 from django.utils.deconstruct import deconstructible
-from django.utils.safestring import mark_safe
+from django.utils.html import format_html
 from django.utils.translation import gettext_lazy as _
 
 from readthedocs.projects.constants import LANGUAGES
@@ -114,11 +114,12 @@ def validate_build_config_file(path):
         )
     if any(ch in path for ch in invalid_characters):
         raise ValidationError(
-            mark_safe(
+            format_html(
                 _(
                     "Found invalid character. Avoid these characters: "
                     "<code>{invalid_characters}</code>"
-                ).format(invalid_characters=invalid_characters),
+                ),
+                invalid_characters=invalid_characters,
             ),
             code="path_invalid",
         )
@@ -128,19 +129,17 @@ def validate_build_config_file(path):
     )
     if not is_valid and len(valid_filenames) == 1:
         raise ValidationError(
-            mark_safe(
-                _("The only allowed filename is <code>{filename}</code>.").format(
-                    filename=valid_filenames[0]
-                ),
+            format_html(
+                _("The only allowed filename is <code>{filename}</code>."),
+                filename=valid_filenames[0],
             ),
             code="path_invalid",
         )
     if not is_valid:
         raise ValidationError(
-            mark_safe(
-                _("The only allowed filenames are <code>{filenames}</code>.").format(
-                    filenames=", ".join(valid_filenames)
-                ),
+            format_html(
+                _("The only allowed filenames are <code>{filenames}</code>."),
+                filenames=", ".join(valid_filenames),
             ),
             code="path_invalid",
         )

readthedocs/projects/views/private.py

@@ -15,7 +15,7 @@
 from django.shortcuts import get_object_or_404
 from django.urls import reverse
 from django.utils import timezone
-from django.utils.safestring import mark_safe
+from django.utils.html import format_html
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import ListView, TemplateView
 from formtools.wizard.views import SessionWizardView
@@ -371,16 +371,15 @@ def get(self, request, *args, **kwargs):
             provider_account = account.get_provider_account()
             messages.error(
                 request,
-                mark_safe((
+                format_html(
                     _(
                         'There is a problem with your {service} account, '
                         'try reconnecting your account on your '
                         '<a href="{url}">connected services page</a>.',
-                    ).format(
-                        service=provider_account.get_brand()['name'],
-                        url=reverse('socialaccount_connections'),
-                    )
-                )),  # yapf: disable
+                    ),
+                    service=provider_account.get_brand()["name"],
+                    url=reverse("socialaccount_connections"),
+                ),
             )
         return super().get(request, *args, **kwargs)