Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#21061 closed Bug (invalid)

is_safe filter flag

Reported by: justincapella@… Owned by: polmuz
Component: Template system Version: 1.5
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

From django/template/base.py:resolve

    if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
        obj = mark_safe(new_obj)

The isinstance(obj, SafeData) seems to prevent is_safe flag from having any effect on the output.
Thinking of the use cases we have some function/tag that we want to either have mark_safe called on, or not called on.

imo, this should just be

    if getattr(func, 'is_safe', False):
        obj = mark_safe(new_obj)

This allows is_safe to have an effect on the outcome... which the current code does not.

Change History (3)

comment:1 Changed 2 years ago by polmuz

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to polmuz
  • Patch needs improvement unset
  • Status changed from new to assigned

comment:2 Changed 2 years ago by polmuz

  • Resolution set to invalid
  • Status changed from assigned to closed

Hi Justin,

I've been going through the code and the docs and that conditional seems to be fine.

The idea is that you may have a filter that modifies the input in a safe way but it doesn't return a safe object (e.g. strings are not safe).

@register.filter(is_safe=True)
def add_xx(value):
    return '%sxx' % value

So, if the previous object was safe and the filter is safe then it can
be marked as safe again.

resolve() is doing roughly the following:

# apply the filter
new_obj = add_xx(old_obj)

# check if it's still safe
if filter is_safe and old_obj is_safe:
    mark new_obj as safe too

Here are the docs that describe this behavior: https://docs.djangoproject.com/en/1.5/howto/custom-template-tags/#filters-auto-escaping

If you have a filter where you know the output will be safe then you can use django.utils.safestring.mark_safe
directly on the output.

I may have not understood the description, so if this is not what you meant, please reopen the ticket!

comment:3 Changed 2 years ago by anonymous

Hi, I did misunderstand the intent of the flag. But while I have your attention on the matter-- the code could still be reduced to

if getattr(func, 'is_safe', False):

as the first thing mark_safe does is to see if it is already an instance of SafeData... but perhaps the intent was to prevent the unnecessary call. Thanks
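Added example, not part of the ticket and not Django's own code: a stdlib-only model of the conditional discussed above, showing what the isinstance(obj, SafeData) test on the filter's input protects when auto-escaping runs at output time. SafeStr, render, resolve's require_safe_input parameter and the sample inputs are hypothetical stand-ins; add_xx is the filter from comment:2.

```python
import html


class SafeStr(str):
    """Stand-in for Django's SafeData: a string auto-escaping leaves alone."""


def mark_safe(s):
    # Like the real helper, returns already-safe values unchanged.
    return s if isinstance(s, SafeStr) else SafeStr(s)


def add_xx(value):
    # Filter from comment:2. '%' formatting returns a plain str,
    # so the safe marker is lost even when value was safe.
    return '%sxx' % value


add_xx.is_safe = True


def resolve(obj, func, require_safe_input=True):
    """Apply one filter, modelling the conditional quoted in the ticket.

    require_safe_input=True  -> current check (is_safe AND input was safe)
    require_safe_input=False -> the simplified check proposed in the ticket
    """
    new_obj = func(obj)
    input_ok = isinstance(obj, SafeStr) or not require_safe_input
    if getattr(func, 'is_safe', False) and input_ok:
        return mark_safe(new_obj)
    return new_obj


def render(obj):
    # Auto-escaping at output time: only SafeStr skips escaping.
    return obj if isinstance(obj, SafeStr) else html.escape(obj)


UNTRUSTED = '<b>hi</b>'            # constructed sample: never marked safe
TRUSTED = mark_safe('<b>hi</b>')   # constructed sample: explicitly marked safe

if __name__ == '__main__':
    print(render(resolve(UNTRUSTED, add_xx)))         # escaped
    print(render(resolve(TRUSTED, add_xx)))           # markup preserved
    print(render(resolve(UNTRUSTED, add_xx, False)))  # markup NOT escaped
```

With the input check in place, is_safe only preserves safety that the value already had; without it, any is_safe filter would promote unescaped input to safe output.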
