Code

Ticket #21316: mark_safe_21316.txt

File mark_safe_21316.txt, 1.5 KB (added by vijay_shanker, 9 months ago)

added a sentence and a code example to how modified strings are not safe

Line 
1diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
2index e03a775..311871e 100644
3--- a/docs/ref/utils.txt
4+++ b/docs/ref/utils.txt
5@@ -557,16 +557,16 @@ escaping HTML.
6     So, instead of writing:
7 
8     .. code-block:: python
9-
10+       
11         mark_safe(u"%s <b>%s</b> %s" % (some_html,
12                                         escape(some_text),
13                                         escape(some_other_text),
14                                         ))
15 
16     you should instead use:
17-
18+       
19     .. code-block:: python
20-
21+               
22         format_html(u"{0} <b>{1}</b> {2}",
23                     mark_safe(some_html), some_text, some_other_text)
24 
25@@ -722,7 +722,7 @@ Functions for working with Python modules.
26         ImproperlyConfigured = import_by_path('django.core.exceptions.ImproperlyConfigured')
27 
28     is equivalent to::
29-
30+               
31         from django.core.exceptions import ImproperlyConfigured
32 
33 ``django.utils.safestring``
34@@ -763,7 +763,19 @@ appropriate entities.
35     object can be used everywhere a string or unicode object is appropriate.
36 
37     Can be called multiple times on a single string.
38-
39+    String marked safe will become unsafe again if modified.
40+       
41+    For example::
42+   
43+               mystr = '<b>Hello World</b>   '
44+               mystr = mark_safe(mystr)
45+               type(mystr)
46+               <class 'django.utils.safestring.SafeBytes'>
47+               
48+               mystr = mystr.strip() #removing white-spaces
49+               type(mystr)
50+               <type 'str'>
51+       
52 .. function:: mark_for_escaping(s)
53 
54     Explicitly mark a string as requiring HTML escaping upon output. Has no