Opened 13 years ago
Closed 13 years ago
#17135 closed Bug (fixed)
stringfilter decorator is incompatible with is_safe / needs_autoescape flags
Reported by: | Aymeric Augustin | Owned by: | nobody |
---|---|---|---|
Component: | Template system | Version: | 1.3 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Defining a template filter like this doesn't work:
@register.filter @stringfilter def passthrough(value): return value passthrough.is_safe = True
The problem is that the stringfilter
decorator keeps a pointer to the underlying function, and the template engine uses it.
However, the last line only sets is_safe
on the function returned by the decorator, not on the underlying function. As a consequence, the template engine doesn't know that the filter is safe.
Attachments (3)
Change History (8)
by , 13 years ago
Attachment: | 17135.patch added |
---|
comment:1 by , 13 years ago
Needs documentation: | set |
---|
by , 13 years ago
Attachment: | 17135.2.patch added |
---|
comment:2 by , 13 years ago
Needs documentation: | unset |
---|
comment:3 by , 13 years ago
As pointed out by Alex, the flags are related to the filter, not the fact that it operates on strings (even if the design flaw is in stringfilter
).
The new patch passes the is_safe
and needs_autoescape
flags as keyword arguments to @register.filter
, which makes more sense and is compatible with decorators. It includes docs and deprecation of the current syntax.
by , 13 years ago
Attachment: | 17135.3.patch added |
---|
comment:4 by , 13 years ago
Description: | modified (diff) |
---|
Second version of the patch adds docs.
I moved the paragraph about
stringfilter
after the parapraph about escaping because I needed to reference the escaping control flags.