Ticket #2862: better_escape.patch

File better_escape.patch, 1.7 KB (added by SmileyChris, 9 years ago)
  • django/utils/html.py

     
    2222del x # Temporary variable
    2323
    2424def escape(html):
    25     "Returns the given HTML with ampersands, quotes and carets encoded"
    26     if not isinstance(html, basestring):
    27         html = str(html)
    28     return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')
     25    """
     26    HTML escape the given text with ampersands, quotes and carets encoded.
     27    Alternately, if a list is given, a copy of the list is returned with each
     28    item html escaped (recursively if necessary).
     29   
     30    Useful for this sort of thing:
     31   
     32        {{ names_list|escape|join:'<br />' }}
     33    """
     34    if isinstance(html, (list, tuple)):
     35        return map(escape, html)
     36    else:
     37        if not isinstance(html, basestring):
     38            html = str(html)
     39        return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')
    2940
    3041def linebreaks(value):
    3142    "Converts newlines into <p> and <br />s"
  • docs/templates.txt

     
    873873    * ``'"'`` (double quote) to ``'&quot;'``
    874874    * ``"'"`` (single quote) to ``'&#39;'``
    875875
     876If applied to a list instead of a string, a copy of the list is returned with
     877each item HTML-escaped. For example::
     878
     879    {{ guest_list|escape|join:'<br />' }}
     880
    876881filesizeformat
    877882~~~~~~~~~~~~~~
    878883
Back to Top