Opened 12 months ago

Closed 11 months ago

Last modified 11 months ago

#34574 closed Cleanup/optimization (fixed)

Extend docs for `autoescape` and `escape` with examples using filters that operate with sequences

Reported by: Natalia Bidart
Owned by: Natalia Bidart
Component: Template system
Version: 4.2
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Following a recent report, it has come to our attention that the docs for autoescape and escape could be improved by explicitly mentioning how those interact with the results of applying (chaining) filters that would mark their result as safe (like those that operate with sequences). For example, in this code:

{% autoescape off %}
{{ some_list|join:","|escape }}
{% endautoescape %}

the string resulting from the concatenation of some_list items would not be escaped. The reason is that join returns a string marked as safe (but since it was executed in the context of autoescape being off, each individual item is not escaped), and the escape docs mention the following (but they could use an example to make the point more obvious):

Applying escape to a variable that would normally have auto-escaping applied to the result will only result in one round of escaping being done. 

Similarly, the safe docs also refer to the above (but again, explicitness could go a long way here):

If you are chaining filters, a filter applied after safe can make the contents unsafe again. For example, the following code prints the variable as is, unescaped:

{{ var|safe|escape }}

which is analogous to what is happening in the first code snippet: join is marking the result as safe, so the chained |escape does nothing.
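The interaction described above, as an added example that is not part of the ticket and not Django's own code: a simplified pure-Python model of the safe marking, with class and function names chosen here for illustration. It also models `escapeseq` (the filter named in comment:6) as escaping each item before `join`, which is an assumption about its behaviour based on that mention.

```python
import html

class SafeString(str):
    """Model of a string already marked safe for HTML output."""
    def __html__(self):
        return self

def conditional_escape(value):
    # Escape only if the value is not already marked safe.
    if hasattr(value, "__html__"):
        return value.__html__()
    return SafeString(html.escape(str(value)))

def join_filter(items, sep, autoescape):
    # Items are escaped only when autoescape is on,
    # but the joined result is marked safe either way.
    if autoescape:
        items = [conditional_escape(i) for i in items]
        sep = conditional_escape(sep)
    return SafeString(sep.join(items))

def escape_filter(value):
    # A no-op on input that is already marked safe.
    return conditional_escape(value)

def escapeseq_filter(items):
    # Escapes each element of the sequence individually.
    return [conditional_escape(i) for i in items]

def render(value, autoescape):
    # Final output step of {{ ... }}.
    return str(conditional_escape(value) if autoescape else value)

SOME_LIST = ["<b>bold</b>", "b & c"]  # constructed sample input

def ticket_snippet():
    # {% autoescape off %}{{ some_list|join:","|escape }}{% endautoescape %}
    joined = join_filter(SOME_LIST, ",", autoescape=False)
    return render(escape_filter(joined), autoescape=False)

def with_escapeseq():
    # {% autoescape off %}{{ some_list|escapeseq|join:"," }}{% endautoescape %}
    items = escapeseq_filter(SOME_LIST)
    return render(join_filter(items, ",", autoescape=False), autoescape=False)

def autoescape_on():
    # {{ some_list|join:","|escape }} with autoescape left on
    joined = join_filter(SOME_LIST, ",", autoescape=True)
    return render(escape_filter(joined), autoescape=True)
```

In this model `ticket_snippet()` returns the raw markup, while `with_escapeseq()` and `autoescape_on()` both return the items escaped exactly once.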

Change History (7)

comment:1 by Mariusz Felisiak, 12 months ago

Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

comment:2 by Natalia Bidart, 12 months ago

Owner: changed from nobody to Natalia Bidart
Status: new → assigned

comment:3 by Natalia Bidart, 12 months ago

Has patch: set

comment:4 by Mariusz Felisiak, 11 months ago

Triage Stage: Accepted → Ready for checkin

comment:5 by Mariusz Felisiak <felisiak.mariusz@…>, 11 months ago

Resolution: fixed
Status: assigned → closed

In 1a59a32:

Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs.

comment:6 by Mariusz Felisiak <felisiak.mariusz@…>, 11 months ago

In 881cc13:

Refs #34574, Refs #34577 -- Mentioned escapeseq filter in escape/autoescape docs.

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 11 months ago

In 25bd9fa:

[4.2.x] Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs.

Backport of 1a59a324cec5caf12ea0c4947564828aa7bda02a from main.
