diff --git a/src/registrar/templates/includes/form_errors.html b/src/registrar/templates/includes/form_errors.html
index 7dc99b235..dbbecae36 100644
--- a/src/registrar/templates/includes/form_errors.html
+++ b/src/registrar/templates/includes/form_errors.html
@@ -1,8 +1,3 @@
-{% comment %}
-This only shows non-field errors at the top of form pages.
-The individual field errors are not shown at the top of the
-page, they are shown on each individual field.
-{% endcomment %}
 {% if form.errors %}
 {% for error in form.non_field_errors %}
@@ -11,4 +6,13 @@ page, they are shown on each individual field.
{% endfor %}
+ {% for field in form %}
+ {% for error in field.errors %}
+
+
+ {{ error|escape }}
+
+
+ {% endfor %}
+{% endfor %}
 {% endif %}
diff --git a/src/registrar/views/application.py b/src/registrar/views/application.py
index 99dc26cfb..e92a9efab 100644
--- a/src/registrar/views/application.py
+++ b/src/registrar/views/application.py
@@ -321,19 +321,6 @@ class ApplicationWizard(LoginRequiredMixin, TemplateView):
 # always save progress
 self.save(forms)
 else:
- # unless there are errors
- # no sec because this use of mark_safe does not introduce a cross-site
- # scripting vulnerability because there is no untrusted content inside.
- # It is only being used to pass a specific HTML entity into a template.
- messages.warning(
- request,
- mark_safe( # nosec
- "We could not save all the fields.
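Review bot: The new `{% for error in field.errors %}` loop prints each message at the top of the page without naming the field it belongs to, so identical messages from different fields cannot be told apart; consider `{{ field.label }}: {{ error|escape }}`. Field error strings can also echo what the user submitted (Django's invalid-choice message includes the rejected value), so the `|escape` here should stay and this output should never be passed through `safe`. Since the header comment describing this include is removed in the first hunk, a short replacement would help, e.g. `{% comment %}Shows non-field and per-field errors at the top of the form; messages may contain user input and must stay escaped.{% endcomment %}`. The markup around the added lines is not fully visible in this view, so the label may already be rendered by an element that is not shown.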
The highlighted "
- + "fields below could not be saved because they have "
- + "missing or invalid data. All other information on this page "
- + "has been saved."
- ),
- )
 context = self.get_context_data()
 context["forms"] = forms
 return render(request, self.template_name, context)