2007-11-14 20:58:53 +08:00
|
|
|
"""
|
|
|
|
Functions for working with "safe strings": strings that can be displayed safely
|
|
|
|
without further escaping in HTML. Marking something as a "safe string" means
|
|
|
|
that the producer of the string has already turned characters that should not
|
|
|
|
be interpreted by the HTML engine (e.g. '<') into the appropriate entities.
|
|
|
|
"""
|
2016-05-11 00:46:47 +08:00
|
|
|
|
2019-12-06 16:31:33 +08:00
|
|
|
from functools import wraps
|
2007-11-14 20:58:53 +08:00
|
|
|
|
2022-02-19 03:27:05 +08:00
|
|
|
from django.utils.functional import keep_lazy
|
|
|
|
|
2013-11-03 04:12:09 +08:00
|
|
|
|
2017-01-19 15:39:46 +08:00
|
|
|
class SafeData:
|
2022-01-25 17:53:03 +08:00
|
|
|
__slots__ = ()
|
|
|
|
|
2013-10-15 06:40:52 +08:00
|
|
|
def __html__(self):
|
|
|
|
"""
|
2017-01-25 04:32:33 +08:00
|
|
|
Return the html representation of a string for interoperability.
|
2013-10-15 06:40:52 +08:00
|
|
|
|
2014-12-24 05:29:01 +08:00
|
|
|
This allows other template engines to understand Django's SafeData.
|
2013-10-15 06:40:52 +08:00
|
|
|
"""
|
|
|
|
return self
|
2007-11-14 20:58:53 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2019-02-05 22:38:29 +08:00
|
|
|
class SafeString(str, SafeData):
|
2007-11-14 20:58:53 +08:00
|
|
|
"""
|
2016-12-29 23:27:49 +08:00
|
|
|
A str subclass that has been specifically marked as "safe" for HTML output
|
|
|
|
purposes.
|
2007-11-14 20:58:53 +08:00
|
|
|
"""
|
2022-01-25 17:53:03 +08:00
|
|
|
|
|
|
|
__slots__ = ()
|
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
def __add__(self, rhs):
|
|
|
|
"""
|
2019-03-27 19:15:53 +08:00
|
|
|
Concatenating a safe string with another safe bytestring or
|
2017-01-21 05:04:05 +08:00
|
|
|
safe string is safe. Otherwise, the result is no longer safe.
|
2007-11-14 20:58:53 +08:00
|
|
|
"""
|
2017-01-21 21:13:44 +08:00
|
|
|
t = super().__add__(rhs)
|
2007-11-14 20:58:53 +08:00
|
|
|
if isinstance(rhs, SafeData):
|
2019-02-05 22:38:29 +08:00
|
|
|
return SafeString(t)
|
2007-12-03 04:17:10 +08:00
|
|
|
return t
|
2012-07-20 20:48:51 +08:00
|
|
|
|
2017-01-31 02:15:59 +08:00
|
|
|
def __str__(self):
|
|
|
|
return self
|
|
|
|
|
2016-11-13 01:11:23 +08:00
|
|
|
|
2019-02-05 22:38:29 +08:00
|
|
|
SafeText = SafeString # For backwards compatibility since Django 2.0.
|
2012-08-18 22:04:06 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2016-06-03 05:11:43 +08:00
|
|
|
def _safety_decorator(safety_marker, func):
|
|
|
|
@wraps(func)
|
2022-05-22 14:20:29 +08:00
|
|
|
def wrapper(*args, **kwargs):
|
2016-06-03 05:11:43 +08:00
|
|
|
return safety_marker(func(*args, **kwargs))
|
2022-02-04 03:24:19 +08:00
|
|
|
|
2022-05-22 14:20:29 +08:00
|
|
|
return wrapper
|
2016-06-03 05:11:43 +08:00
|
|
|
|
|
|
|
|
2022-02-19 03:27:05 +08:00
|
|
|
@keep_lazy(SafeString)
|
2007-11-14 20:58:53 +08:00
|
|
|
def mark_safe(s):
|
|
|
|
"""
|
|
|
|
Explicitly mark a string as safe for (HTML) output purposes. The returned
|
2017-01-20 17:20:53 +08:00
|
|
|
object can be used everywhere a string is appropriate.
|
2007-11-14 20:58:53 +08:00
|
|
|
|
2016-06-03 05:11:43 +08:00
|
|
|
If used on a method as a decorator, mark the returned data as safe.
|
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
Can be called multiple times on a single string.
|
|
|
|
"""
|
2014-12-24 05:29:01 +08:00
|
|
|
if hasattr(s, "__html__"):
|
2007-11-14 20:58:53 +08:00
|
|
|
return s
|
2016-06-03 05:11:43 +08:00
|
|
|
if callable(s):
|
|
|
|
return _safety_decorator(mark_safe, s)
|
2019-02-05 22:38:29 +08:00
|
|
|
return SafeString(s)
|