templates/files: narrow down scope of webhelpers.html.literal In the 'Show Authors' functionality on a file of a repository, the following construct: h.literal(ungettext('..A..') % (..B..)) can be simplified. Here, literal was used to cater for explicit HTML tags in the (..B..) part only. There is no need to apply literal on the '..A..' part. A better structure of this code is: h.HTML(ungettext('..A..')) % h.literal(..B..) Note that we still need to wrap the '..A..' part in webhelpers.html.HTML to make sure the '%' operator will preserve the 'literal' property. See also the documentation: (the text below for 'literal' also applies to 'HTML') https://docs.pylonsproject.org/projects/webhelpers/en/latest/modules/html/builder.html " When literal is used in a mixed expression containing both literals and ordinary strings, it tries hard to escape the strings and return a literal. However, this depends on which value has “control” of the expression. literal seems to be able to take control with all combinations of the + operator, but with % and join it must be on the left side of the expression. So these all work: "A" + literal("B") literal(", ").join(["A", literal("B")]) literal("%s %s") % (16, literal("kg")) But these return an ordinary string which is prone to double-escaping later: "\n".join([literal('<span class="foo">Foo!</span>'), literal('Bar!')]) "%s %s" % (literal("16"), literal("&lt;em&gt;kg&lt;/em&gt;")) "

--- a/kallithea/templates/files/files_history_box.html	Mon Apr 29 21:33:45 2019 +0200
+++ b/kallithea/templates/files/files_history_box.html	Mon Apr 29 21:46:44 2019 +0200
@@ -1,5 +1,5 @@
 <div class="form-group">
-    <span>${h.literal(ungettext(u'%s author',u'%s authors',len(c.authors)) % ('<b>%s</b>' % len(c.authors))) }</span>
+    <span>${h.HTML(ungettext(u'%s author',u'%s authors',len(c.authors))) % h.literal('<b>%s</b>' % len(c.authors)) }</span>
     %for email, user in c.authors:
       <span data-toggle="tooltip" title="${user}">
         ${h.gravatar_div(email, size=20)}