Context Navigation

← Previous Ticket
Next Ticket →

#6474 closed Cleanup/optimization (invalid)

conditional_escape: Try to convert to a string first, then check if SafeData

Reported by:	Thomas Güttler	Owned by:	nobody
Component:	Uncategorized	Version:	dev
Severity:	Normal	Keywords:
Cc:		Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	yes
Easy pickings:	no	UI/UX:	no

Description

Hi,

if you try to conditional_escape() an object, which unicode
method returns a SafeString, the SafeStrinng gets escaped (one time to much).

I attached a patch with unittest.

All other tests pass.

Attachments (1)

utils_conditional_escape.diff (1.4 KB ) - added by Thomas Güttler 17 years ago.

Download all attachments as: .zip

Change History (7)

by Thomas Güttler, 17 years ago

Attachment:	utils_conditional_escape.diff added

comment:1 by Malcolm Tredinnick, 17 years ago

Triage Stage:	Unreviewed → Accepted

It's fairly dangerous (and I'm not sure it's entirely legal) to have the __unicode__ method return something that isn't simply a Unicode object.

More research required here to determine if this is actually a safe Python practice. If not, the whole issue is moot.

comment:2 by Thomas Güttler, 17 years ago

This is derived from newforms.utils.ErrorList: There __unicode__()
returns mark_safe(...), too. There, I discoverd the bug. I just
wanted to keep the unittest self-contained.

# newforms.utils.ErrorList:
class ErrorList(list, StrAndUnicode):
    """
    A collection of errors that knows how to display itself in various formats.
    """
    def __unicode__(self):
        return self.as_ul()

    def as_ul(self):
        if not self: return u''
        return mark_safe(u'<ul class="errorlist">%s</ul>'
                % ''.join([u'<li>%s</li>' % force_unicode(e) for e in self]))

comment:3 by Thomas Güttler, 17 years ago

Cc:	hv@… added

comment:4 by patchhammer, 14 years ago

Easy pickings:	unset
Patch needs improvement:	set
Severity:	→ Normal
Type:	→ Uncategorized

utils_conditional_escape.diff fails to apply cleanly on to trunk

comment:5 by Julien Phalip, 13 years ago

Type:	Uncategorized → Cleanup/optimization

comment:6 by Thomas Güttler, 13 years ago

Cc:	hv@… removed
Resolution:	→ invalid
Status:	new → closed
UI/UX:	unset

The unittest of the patch still fails, but I (original reporter) close it.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues