{% trans %} and {% blocktrans %} breaking auto escape

[Briel <toppertc@…>]

There is an issue with the {% trans %} and {% blocktrans %} breaking the auto escape of variables displayed in them.

If myvar is defined in the template these two examples will not escape the myvar:
{% trans myvar %}
{% blocktrans %}this is {{ myvar }}{% endblocktrans %}

However, if you use the "with" command with the blocktrans, auto escaping wont be lost:
{% blocktrans with myvar as myvar %}this is {{ myvar }}{% endblocktrans %}

[Andrew Badr]

Fix with tests

[Andrew Badr]

Variables aren't getting escaped in the trans and blocktrans template tags because, unlike other template tags, they render their own contents. For blocktrans, one solution would be to save a VariableNode for each variable token in the parser, then render them all before the string interpolation. That seemed complicated, so I implemented the solution in this patch, at the cost of a new module-level function in django.template.

[Andrew Badr]

Added underscores to mark the function private. I've tried to come up with a way to do this using classes and inheritence but couldn't come up with anything sensible. The Node class already has a render method with a different signature. If "add some underscores and call it a day" is good enough, then I guess the patch is ready, otherwise someone else should take a look.

[Malcolm Tredinnick]

(In [10519]) Fixed #10369 -- Fixed auto-escaping inside "tran" and "blocktrans" tags.

Patch from Andrew Badr.

[Jacob]

Milestone 1.1 deleted