Opened 6 years ago

Closed 5 years ago

#15683 closed Cleanup/optimization (fixed)

the force_escpe filter should not call mark_safe

Reported by: Germano Gabbianelli Owned by: Marcos Moyano
Component: Template system Version: 1.3
Severity: Normal Keywords: force_escape mark_safe
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

in template.defaultfilters.force_escape you are explicitly calling mark_safe on the value returned by utils.html.escape, but escape already calls mark_safe on the string it returns
http://code.djangoproject.com/browser/django/trunk/django/utils/html.py#L30
http://code.djangoproject.com/browser/django/trunk/django/template/defaultfilters.py#L391

I reported this on #django-dev and got answered:

<carljm> tyrion-mx: indeed, i think the mark_safe in force_escape is unnecessary. though also harmless - it costs exactly one function call and one isinstance check.

Attachments (1)

ticket_15683.patch (450 bytes) - added by Marcos Moyano 6 years ago.
remove marke_safe

Download all attachments as: .zip

Change History (10)

comment:1 Changed 6 years ago by Luke Plant

Triage Stage: UnreviewedAccepted

Changed 6 years ago by Marcos Moyano

Attachment: ticket_15683.patch added

remove marke_safe

comment:2 Changed 6 years ago by Marcos Moyano

Owner: changed from nobody to Marcos Moyano
Status: newassigned

comment:3 Changed 6 years ago by Marcos Moyano

Has patch: set
Needs tests: set

comment:4 Changed 6 years ago by Luke Plant

Type: Cleanup/optimization

comment:5 Changed 6 years ago by Luke Plant

Severity: Normal

comment:6 Changed 6 years ago by Jannis Leidel

Easy pickings: unset
Triage Stage: AcceptedReady for checkin

comment:7 Changed 6 years ago by Jannis Leidel

Triage Stage: Ready for checkinAccepted

back to accepted since tests are missing..

comment:8 Changed 5 years ago by Aymeric Augustin

UI/UX: unset

Change UI/UX from NULL to False.

comment:9 Changed 5 years ago by Claude Paroz

Resolution: fixed
Status: assignedclosed

In [17876]:

Fixed #15683 -- Prevented escaped string to be needlessly marked safe twice in force_escape filter. Thanks tyrion for the initial patch.

Note: See TracTickets for help on using tickets.
Back to Top