Ticket #6514: 6514.3.diff
| File 6514.3.diff, 6.9 kB (added by SmileyChris, 10 months ago) |
|---|
-
django/utils/html.py
old new 102 102 if middle.startswith('www.') or ('@' not in middle and not middle.startswith('http://') and \ 103 103 len(middle) > 0 and middle[0] in string.ascii_letters + string.digits and \ 104 104 (middle.endswith('.org') or middle.endswith('.net') or middle.endswith('.com'))): 105 middle = '<a href="http://%s"%s>%s</a>' % ( 106 urlquote(middle, safe='/&=:;#?+'), nofollow_attr, 107 trim_url(middle)) 105 middle = 'http://%s' % middle 108 106 if middle.startswith('http://') or middle.startswith('https://'): 107 url = urlquote(middle, safe='/&=:;#?+') 108 if autoescape and not safe_input: 109 url = escape(url) 110 trimmed_url = trim_url(middle) 109 111 middle = '<a href="%s"%s>%s</a>' % ( 110 urlquote(middle, safe='/&=:;#?+'), nofollow_attr, 111 trim_url(middle)) 112 if '@' in middle and not middle.startswith('www.') and \ 113 not ':' in middle and simple_email_re.match(middle): 112 url, nofollow_attr, trimmed_url 113 ) 114 elif '@' in middle and not middle.startswith('www.') and \ 115 not ':' in middle and simple_email_re.match(middle): 116 if autoescape: 117 middle = conditional_escape(middle) 114 118 middle = '<a href="mailto:%s">%s</a>' % (middle, middle) 115 119 if lead + middle + trail != word: 116 words[i] = lead + middle + trail 120 if autoescape and not safe_input: 121 lead, trail = escape(lead), escape(trail) 122 words[i] = mark_safe(lead + middle + trail) 117 123 elif autoescape and not safe_input: 118 124 words[i] = escape(word) 119 125 elif safe_input: -
tests/regressiontests/templates/filters.py
old new 98 98 'filter-upper01': ('{% autoescape off %}{{ a|upper }} {{ b|upper }}{% endautoescape %}', {"a": "a & b", "b": mark_safe("a & b")}, u"A & B A & B"), 99 99 'filter-upper02': ('{{ a|upper }} {{ b|upper }}', {"a": "a & b", "b": mark_safe("a & b")}, u"A & B A &AMP; B"), 100 100 101 'filter-urlize01': ('{% autoescape off %}{{ a|urlize }} {{ b|urlize }}{% endautoescape %}', {"a": "http://example.com/x=&y=", "b": mark_safe("http://example.com?x=& y=")}, u'<a href="http://example.com/x=&y=" rel="nofollow">http://example.com/x=&y=</a> <a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'),102 'filter-urlize02': ('{{ a|urlize }} {{ b|urlize }}', {"a": "http://example.com/ x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'<a href="http://example.com/x=&y=" rel="nofollow">http://example.com/x=&y=</a> <a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'),101 'filter-urlize01': ('{% autoescape off %}{{ a|urlize }} {{ b|urlize }}{% endautoescape %}', {"a": "http://example.com/x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'<a href="http://example.com/x=&y=" rel="nofollow">http://example.com/x=&y=</a> <a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'), 102 'filter-urlize02': ('{{ a|urlize }} {{ b|urlize }}', {"a": "http://example.com/?x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> <a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'), 103 103 'filter-urlize03': ('{% autoescape off %}{{ a|urlize }}{% endautoescape %}', {"a": mark_safe("a & b")}, 'a & b'), 104 104 'filter-urlize04': ('{{ a|urlize }}', {"a": mark_safe("a & b")}, 'a & b'), 105 105 … … 108 108 'filter-urlize05': ('{% autoescape off %}{{ a|urlize }}{% endautoescape %}', {"a": "<script>alert('foo')</script>"}, "<script>alert('foo')</script>"), 109 109 'filter-urlize06': ('{{ a|urlize }}', {"a": "<script>alert('foo')</script>"}, '<script>alert('foo')</script>'), 110 110 111 'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('"Safe" http://example.com?x=& y=')}, u'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> "Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),112 'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": '"Unsafe" http://example.com/ x=&y=', "b": mark_safe('"Safe" http://example.com?x=&y=')}, u'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> "Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),111 'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('"Safe" http://example.com?x=&y=')}, u'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> "Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'), 112 'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": '"Unsafe" http://example.com/?x=&y=', "b": mark_safe('"Safe" http://example.com?x=&y=')}, u'"Unsafe" <a href="http://example.com/?x=&y=" rel="nofollow">http:...</a> "Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'), 113 113 114 114 'filter-wordcount01': ('{% autoescape off %}{{ a|wordcount }} {{ b|wordcount }}{% endautoescape %}', {"a": "a & b", "b": mark_safe("a & b")}, "3 3"), 115 115 'filter-wordcount02': ('{{ a|wordcount }} {{ b|wordcount }}', {"a": "a & b", "b": mark_safe("a & b")}, "3 3"), … … 240 240 'chaining13': ('{{ a|safe|force_escape }}', {"a": "a < b"}, "a < b"), 241 241 'chaining14': ('{% autoescape off %}{{ a|safe|force_escape }}{% endautoescape %}', {"a": "a < b"}, "a < b"), 242 242 243 # Filters decorated with stringfilter still respect is_safe. 243 # Filters decorated with stringfilter still respect is_safe. 244 244 'autoescape-stringfilter01': (r'{{ unsafe|capfirst }}', {'unsafe': UnsafeClass()}, 'You & me'), 245 245 'autoescape-stringfilter02': (r'{% autoescape off %}{{ unsafe|capfirst }}{% endautoescape %}', {'unsafe': UnsafeClass()}, 'You & me'), 246 246 'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You > me'),
