From 5c0096c627a600887e86b4c1694c659a3147a674 Mon Sep 17 00:00:00 2001
From: Alexander Todorov <atodorov@otb.bg>
Date: Mon, 17 Jun 2024 14:41:56 +0300
Subject: [PATCH] Convert rendered string into SafeString

b/c the ability to return a str, rather than a SafeString has been
removed which breaks SimpleMDE rendering b/c the text gets escaped and
not rendered by the browser.

See: https://docs.djangoproject.com/en/5.0/releases/5.0/
---
 tcms/core/widgets.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tcms/core/widgets.py b/tcms/core/widgets.py
index aad24c7629..4852476a67 100644
--- a/tcms/core/widgets.py
+++ b/tcms/core/widgets.py
@@ -1,4 +1,4 @@
-#   Copyright (c) 2018,2021 Kiwi TCMS project. All rights reserved.
+#   Copyright (c) 2018-2024 Kiwi TCMS project. All rights reserved.
 #   Author: Alexander Todorov <info@kiwitcms.org>
 
 """
@@ -6,6 +6,7 @@
 """
 from django import forms
 from django.utils.dateparse import parse_duration
+from django.utils.safestring import SafeString
 
 
 class SimpleMDE(forms.Textarea):
@@ -24,9 +25,11 @@ def render(self, name, value, attrs=None, renderer=None):
             }
         )
         rendered_string = super().render(name, value, attrs, renderer)
-        rendered_string += f"""
+        rendered_string += SafeString(
+            f"""
 <input id="{self.file_upload_id}" type="file" style="display: none">
 """
+        )
         return rendered_string
 
     class Media: