Opened 12 years ago

Closed 12 years ago

#17135 closed Bug (fixed)

stringfilter decorator is incompatible with is_safe / needs_autoescape flags

Reported by: Aymeric Augustin Owned by: nobody
Component: Template system Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Aymeric Augustin)

Defining a template filter like this doesn't work:

@register.filter
@stringfilter
def passthrough(value):
    return value
passthrough.is_safe = True

The problem is that the stringfilter decorator keeps a pointer to the underlying function, and the template engine uses it.

However, the last line only sets is_safe on the function returned by the decorator, not on the underlying function. As a consequence, the template engine doesn't know that the filter is safe.

Attachments (3)

17135.patch (10.1 KB ) - added by Aymeric Augustin 12 years ago.
17135.2.patch (12.5 KB ) - added by Aymeric Augustin 12 years ago.
17135.3.patch (30.0 KB ) - added by Aymeric Augustin 12 years ago.

Download all attachments as: .zip

Change History (8)

by Aymeric Augustin, 12 years ago

Attachment: 17135.patch added

comment:1 by Aymeric Augustin, 12 years ago

Needs documentation: set

by Aymeric Augustin, 12 years ago

Attachment: 17135.2.patch added

comment:2 by Aymeric Augustin, 12 years ago

Needs documentation: unset

Second version of the patch adds docs.

I moved the paragraph about stringfilter after the parapraph about escaping because I needed to reference the escaping control flags.

comment:3 by Aymeric Augustin, 12 years ago

As pointed out by Alex, the flags are related to the filter, not the fact that it operates on strings (even if the design flaw is in stringfilter).

The new patch passes the is_safe and needs_autoescape flags as keyword arguments to @register.filter, which makes more sense and is compatible with decorators. It includes docs and deprecation of the current syntax.

by Aymeric Augustin, 12 years ago

Attachment: 17135.3.patch added

comment:4 by Aymeric Augustin, 12 years ago

Description: modified (diff)

comment:5 by Aymeric Augustin, 12 years ago

Resolution: fixed
Status: newclosed

In [17056]:

Fixed #17135 -- Made it possible to use decorators (like stringfilter) on template filter functions in combination with auto-escaping. Refs #16726.

Note: See TracTickets for help on using tickets.
Back to Top