Changeset 6680
- Timestamp:
- 11/17/07 06:11:26 (10 months ago)
- Files:
-
- django/trunk/django/template/__init__.py (modified) (2 diffs)
- django/trunk/docs/templates.txt (modified) (1 diff)
- django/trunk/tests/regressiontests/templates/filters.py (modified) (1 diff)
- django/trunk/tests/regressiontests/templates/tests.py (modified) (3 diffs)
django/trunk/django/template/__init__.py
r6679 r6680 595 595 for lookup, arg in args: 596 596 if not lookup: 597 arg_vals.append( arg)597 arg_vals.append(mark_safe(arg)) 598 598 else: 599 599 arg_vals.append(arg.resolve(context)) … … 708 708 # we're also dealing with a literal. 709 709 if var[0] in "\"'" and var[0] == var[-1]: 710 self.literal = var[1:-1]710 self.literal = mark_safe(var[1:-1]) 711 711 else: 712 712 # Otherwise we'll set self.lookups so that resolve() knows we're django/trunk/docs/templates.txt
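Review bot: The two `mark_safe()` calls in django/template/__init__.py, on the literal filter argument at new line 597 and on `self.literal` at new line 710, rely on an unstated trust assumption: that template source is always author-controlled. That holds for templates shipped with the project, but not where template text is assembled from, or stored next to, user-editable data. The `i18n15` and `i18n16` cases in tests.py also suggest translated literals take the same path, which would make translation-catalogue text trusted markup too. I would add a comment at both sites, for example `# Literal from template source: treated as author-written markup and exempt from auto-escaping; template source must never be built from untrusted input.` Both enclosing functions start and end outside the hunks, so where `_()` results are wrapped relative to `mark_safe` cannot be confirmed from here.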
r6673 r6680 401 401 variables that use the ``escape`` filter do not have further automatic 402 402 escaping applied to them. 403 404 String literals and automatic escaping 405 -------------------------------------- 406 407 Sometimes you will pass a string literal as an argument to a filter. For 408 example:: 409 410 {{ data|default:"This is a string literal." }} 411 412 All string literals are inserted **without** any automatic escaping into the 413 template, if they are used (it's as if they were all passed through the 414 ``safe`` filter). The reasoning behind this is that the template author is in 415 control of what goes into the string literal, so they can make sure the text 416 is correctly escaped when the template is written. 417 418 This means you would write :: 419 420 {{ data|default:"3 > 2" }} 421 422 ...rather than :: 423 424 {{ data|default:"3 > 2" }} <-- Bad! Don't do this. 425 426 This doesn't affect what happens to data coming from the variable itself. 427 The variable's contents are still automatically escaped, if necessary, since 428 they're beyond the control of the template author. 403 429 404 430 Using the built-in reference django/trunk/tests/regressiontests/templates/filters.py
r6671 r6680 178 178 'filter-unordered_list05': ('{% autoescape off %}{{ a|unordered_list }}{% endautoescape %}', {"a": ["x>", [["<y", []]]]}, "\t<li>x>\n\t<ul>\n\t\t<li><y</li>\n\t</ul>\n\t</li>"), 179 179 180 # If the input to "default" filter is marked as safe, then so is the 181 # output. However, if the default arg is used, auto-escaping kicks in 182 # (if enabled), because we cannot mark the default as safe. 180 # Literal string arguments to the default filter are always treated as 181 # safe strings, regardless of the auto-escaping state. 183 182 # 184 183 # Note: we have to use {"a": ""} here, otherwise the invalid template 185 184 # variable string interferes with the test result. 186 'filter-default01': ('{{ a|default:"x<" }}', {"a": ""}, "x <"),185 'filter-default01': ('{{ a|default:"x<" }}', {"a": ""}, "x<"), 187 186 'filter-default02': ('{% autoescape off %}{{ a|default:"x<" }}{% endautoescape %}', {"a": ""}, "x<"), 188 187 'filter-default03': ('{{ a|default:"x<" }}', {"a": mark_safe("x>")}, "x>"), 189 188 'filter-default04': ('{% autoescape off %}{{ a|default:"x<" }}{% endautoescape %}', {"a": mark_safe("x>")}, "x>"), 190 189 191 'filter-default_if_none01': ('{{ a|default:"x<" }}', {"a": None}, "x <"),190 'filter-default_if_none01': ('{{ a|default:"x<" }}', {"a": None}, "x<"), 192 191 'filter-default_if_none02': ('{% autoescape off %}{{ a|default:"x<" }}{% endautoescape %}', {"a": None}, "x<"), 193 192 django/trunk/tests/regressiontests/templates/tests.py
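Review bot: In filters.py the cases named `filter-default_if_none01` and `filter-default_if_none02` (new lines 190-191) still render `{{ a|default:"x<" }}`, so they exercise `default` with `None` and never call `default_if_none`. The new "literal arguments are safe" rule is therefore not pinned for `default_if_none` in this file, and a later change to that filter's escaping would go unnoticed here. The templates should name the filter under test, e.g. `'filter-default_if_none01': ('{{ a|default_if_none:"x<" }}', {"a": None}, "x<"),`, with the same substitution in the `autoescape off` variant. The expected strings are quoted as this page renders them, which may have decoded HTML entities, so confirm them against the repository.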
r6679 r6680 319 319 'filter-syntax09': ('{{ var|removetags:"b i"|upper|lower }}', {"var": "<b><i>Yes</i></b>"}, "yes"), 320 320 321 # Escaped string as argument321 # Literal string as argument is always "safe" from auto-escaping.. 322 322 'filter-syntax10': (r'{{ var|default_if_none:" endquote\" hah" }}', 323 {"var": None}, ' endquote "hah'),323 {"var": None}, ' endquote" hah'), 324 324 325 325 # Variable as argument … … 736 736 737 737 # translation of constant strings 738 'i18n13': ('{{ _("Pa ge not found") }}', {'LANGUAGE_CODE': 'de'}, 'Seite nicht gefunden'),738 'i18n13': ('{{ _("Password") }}', {'LANGUAGE_CODE': 'de'}, 'Passwort'), 739 739 'i18n14': ('{% cycle "foo" _("Password") _(\'Password\') as c %} {% cycle c %} {% cycle c %}', {'LANGUAGE_CODE': 'de'}, 'foo Passwort Passwort'), 740 740 'i18n15': ('{{ absent|default:_("Password") }}', {'LANGUAGE_CODE': 'de', 'absent': ""}, 'Passwort'), 741 'i18n16': ('{{ _("<") }}', {'LANGUAGE_CODE': 'de'}, '<'), 741 742 742 743 ### HANDLING OF TEMPLATE_STRING_IF_INVALID ################################### … … 886 887 'autoescape-tag07': ("{% autoescape on %}{{ first }}{% endautoescape %}", {"first": mark_safe(u"<b>Apple</b>")}, u"<b>Apple</b>"), 887 888 888 # String arguments to filters, if used in the result, are escaped,889 # too.890 'basic-syntax08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote "hah'),889 # Literal string arguments to filters, if used in the result, are 890 # safe. 891 'basic-syntax08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'), 891 892 892 893 # The "safe" and "escape" filters cannot work due to internal
