Code

Ticket #11377: cond_escape_join.patch

File cond_escape_join.patch, 1.9 KB (added by steveire, 5 years ago)
  • tests/regressiontests/templates/filters.py

     
    321321        'join03': (r'{{ a|join:" & " }}', {'a': ['alpha', 'beta & me']}, 'alpha & beta & me'), 
    322322        'join04': (r'{% autoescape off %}{{ a|join:" & " }}{% endautoescape %}', {'a': ['alpha', 'beta & me']}, 'alpha & beta & me'), 
    323323 
     324        'join05': (r'{{ a|join:var }}', {'a': ['alpha', 'beta & me'], 'var': ' & '}, 'alpha & beta & me'), 
     325        'join06': (r'{{ a|join:var }}', {'a': ['alpha', 'beta & me'], 'var': mark_safe(' & ')}, 'alpha & beta & me'), 
     326        'join07': (r'{{ a|join:var|lower }}', {'a': ['Alpha', 'Beta & me'], 'var': ' &' }, 'alpha & beta & me'), 
     327        'join08': (r'{{ a|join:var|lower }}', {'a': ['Alpha', 'Beta & me'], 'var': mark_safe(' & ')}, 'alpha & beta & me'), 
    324328 
    325329        'date01': (r'{{ d|date:"m" }}', {'d': datetime(2008, 1, 1)}, '01'), 
    326330        'date02': (r'{{ d|date }}', {'d': datetime(2008, 1, 1)}, 'Jan. 1, 2008'), 
  • django/template/defaultfilters.py

     
    498498    Joins a list with a string, like Python's ``str.join(list)``. 
    499499    """ 
    500500    value = map(force_unicode, value) 
     501    from django.utils.html import conditional_escape 
    501502    if autoescape: 
    502         from django.utils.html import conditional_escape 
    503503        value = [conditional_escape(v) for v in value] 
    504504    try: 
    505         data = arg.join(value) 
     505        data = conditional_escape(arg).join(value) 
    506506    except AttributeError: # fail silently but nicely 
    507507        return value 
    508508    return mark_safe(data)