Phase 2: convert primitives to nodes via a whitelist element factory

Generic leaf builders (Div, Span, Td, Tr, Th, Ul, Li, Strong, Label,
Template, P) are now generated from one _html_element factory over the
single Element class — the tag name is data, not a per-tag body. Only
elements that add classes/behaviour (Button, Pill, Checkbox, Radio,
Input, A, SearchField, H1, Modal, AddForm, tables) stay hand-written.
All primitives now return Node objects; string-built widgets (Icon,
SimpleTable, YearPicker) return Safe, and YearPicker declares its
datepicker media. Raw concatenation (_popover_html, Popover slot) uses
Fragment.

Node.__str__/__html__ now return a SafeString: a node's rendered output
is safe HTML by construction, so str(node) stays safe when fed back into
a child list or template (matching the old SafeText behaviour and
preventing double-escaping).

Consumers adapted: the form widgets (SearchSelectWidget,
PrimitiveCheckboxWidget) return render(component) so Django gets a safe
string; the session form's manual field markup joins via str(row).
Component tests render nodes to HTML before asserting.

https://claude.ai/code/session_01BKurBhE3Qj25p7Bfsg7EeK

This commit is contained in:

Claude

2026-06-13 07:16:59 +00:00

parent f673f3ac80

commit 4031657bb5

6 changed files with 217 additions and 205 deletions

									
										games/views/session.py
									
		+1
		-1
	
												View File
												
				@@ -236,7 +236,7 @@ def _session_fields(form) -> SafeText:

				                )

				            )

				        rows.append(Div(children=children))

				    return mark_safe("\n".join(rows))

				    return mark_safe("\n".join(str(row) for row in rows))

				@login_required