`conditional_escape` does not work with lazy strings
|Reported by:||Baptiste Mispelon||Owned by:||Baptiste Mispelon|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When passing the result of
conditional_escape, the result is not marked properly as safe which results in the data being escaped multiple times if
conditional_escape is applied more than once.
```
>>> from django.utils.html import conditional_escape
>>> from django.utils.translation import ugettext_lazy
>>>
>>> s = '<foo>'
>>> ss = ugettext_lazy(s)
>>> conditional_escape(conditional_escape(s))
'&lt;foo&gt;'
>>> str(conditional_escape(conditional_escape(ss)))
'&amp;lt;foo&amp;gt;'
```
I ran into this issue by accident when working on #20211 where some old code had been left in and was escaping some strings twice in some cases. In that case, it was easy to work around the bug by simply removing the redundant calls to
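The behaviour reported above can be reproduced without Django in a small model, added here as an illustration and not taken from the ticket or from Django's source. `SafeStr`, `LazyStr`, `naive_conditional_escape` and `resolving_conditional_escape` are hypothetical stand-ins: the naive version checks the safe marker on whatever object it is handed, while the second forces lazy values before checking, which is one way to keep the operation idempotent.

```python
import html

class SafeStr(str):
    """String already escaped for HTML; models a 'safe' marker."""
    def __html__(self):
        return self

class LazyStr:
    """Minimal lazy string: the wrapped callable runs only on str()."""
    def __init__(self, func):
        self._func = func
    def __str__(self):
        return str(self._func())

def escape(text):
    """Always escape, and mark the result as safe."""
    return SafeStr(html.escape(str(text)))

def naive_conditional_escape(text):
    """Checks the marker on the object it was handed, proxy or not."""
    if hasattr(text, "__html__"):
        return text.__html__()
    if isinstance(text, LazyStr):
        # Escaping is deferred, so the returned proxy carries no marker.
        return LazyStr(lambda: escape(text))
    return escape(text)

def resolving_conditional_escape(text):
    """Forces lazy values first, so the marker check sees a real string."""
    if isinstance(text, LazyStr):
        text = str(text)
    if hasattr(text, "__html__"):
        return text.__html__()
    return escape(text)

def apply_twice(func, value):
    return str(func(func(value)))

def is_idempotent(func, value):
    """True when a second application leaves the output unchanged."""
    return apply_twice(func, value) == str(func(value))

if __name__ == "__main__":
    lazy = LazyStr(lambda: "<foo>")  # constructed sample input
    for f in (naive_conditional_escape, resolving_conditional_escape):
        print(f.__name__, apply_twice(f, "<foo>"), apply_twice(f, lazy))
```

A check like `is_idempotent` is useful as a regression test for any escaping helper that relies on a safe marker, since a lost marker shows up as doubled entities in rendered output.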
Change History (6)
comment:1 Changed 4 years ago by
|Patch needs improvement:||unset|