Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#19988 closed Bug (fixed)

django.contrib.humanize : ordinal returns escaped HTML code in some languages

Reported by: maxime.lorant@… Owned by: garrypolley
Component: contrib.humanize Version: 1.5
Severity: Normal Keywords: humanize ordinal html escaped
Cc: garrypolley Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Hi guys,

I found that the ordinal filter returns escaped HTML in some languages, due to the translation. In English, the filter make this:

{{ 1|ordinal }} becomes 1st
{{ 2|ordinal }} becomes 2nd

In French, the expected behavior is:

{{ 1|ordinal }} becomes 1er
{{ 2|ordinal }} becomes 2e

However, with Django 1.4 and 1.5 (haven't try with older versions but do we really care now ?), I got:

{{ 1|ordinal }} becomes 1<sup>er</sup>
{{ 2|ordinal }} becomes 2<sup>e</sup>
{{ "2"|ordinal }} becomes 2e (!!!)

As you can see, the HTML is escaped if the argument is a int, and it doesn't if the argument is a string, precisely à SafeString in the filter. I've tried to patch this bug by marking the output string safe, cast the argument in the filter, etc. No success. I think it's possible with a single line, but I hope someone more competent will found this in one second :)

The problem comes from the translation, which can returns HTML in some languages. You can try with LANGUAGE_CODE = 'fr-fr' to test it.

Change History (9)

comment:1 Changed 2 years ago by matiasb

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to matiasb
  • Patch needs improvement unset
  • Status changed from new to assigned
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 2 years ago by matiasb

  • Has patch set

Proposed pull request: https://github.com/django/django/pull/896
Tests passing for sqlite.

comment:3 Changed 2 years ago by EvilDMP

  • Owner changed from matiasb to EvilDMP

I have marked this ticket as suitable for a first-time committer attending a Don't be afraid to commit workshop.

The next planned session will be hosted by Cardiff Dev Workshop on Saturday 8th June.

If you want to tackle this ticket before then, or at any time in fact, please don't let the fact that it's assigned to me stop you. Feel free to re-assign it to yourself and do whatever you like to it.

comment:4 Changed 2 years ago by garrypolley

  • Owner changed from EvilDMP to garrypolley

Submitted a pull request for this issue.

https://github.com/django/django/pull/1565

comment:5 Changed 2 years ago by garrypolley

  • Triage Stage changed from Accepted to Ready for checkin

comment:6 Changed 2 years ago by claudep

  • Triage Stage changed from Ready for checkin to Accepted

Please do not mark your own patch as RFC. Someone else should review it.

comment:7 Changed 2 years ago by garrypolley

  • Cc garrypolley added

comment:8 Changed 2 years ago by Garry Polley <garrympolley@…>

  • Resolution set to fixed
  • Status changed from assigned to closed

In 337bd248a5ac13957b3287ec8bd7a8a4e21be53e:

fixes #19988, allow html in ordinal for humanize

comment:9 Changed 2 years ago by Alex Gaynor <alex.gaynor@…>

In 907f19eba743de3f0720bc2e2cd2fad45b2c0170:

Merge pull request #1565 from garrypolley/#19988-ordinal-html-i18n-fix

fixes #19988, allow html in ordinal for humanize

Note: See TracTickets for help on using tickets.
Back to Top