Added tests and a small optimisation for [6721]. Thanks SmileyChris. Fixed #6049

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-29 01:44:30 +00:00 · 2007-11-29 01:44:30 +00:00 · 3c272792d6
parent b1df360961
commit 3c272792d6
3 changed files with 24 additions and 3 deletions
--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@ -25,8 +25,8 @@ def stringfilter(func):
        if args:
            args = list(args)
            args[0] = force_unicode(args[0])
-        if isinstance(args[0], SafeData) and getattr(func, 'is_safe', False):
-            return mark_safe(func(*args, **kwargs))
+            if isinstance(args[0], SafeData) and getattr(func, 'is_safe', False):
+                return mark_safe(func(*args, **kwargs))
        return func(*args, **kwargs)

    # Include a reference to the real function (used to check original
--- a/tests/regressiontests/templates/filters.py
+++ b/tests/regressiontests/templates/filters.py
@ -12,6 +12,15 @@ from datetime import datetime, timedelta
 from django.utils.tzinfo import LocalTimezone
 from django.utils.safestring import mark_safe

+# These two classes are used to test auto-escaping of __unicode__ output.
+class UnsafeClass:
+    def __unicode__(self):
+        return u'you & me'
+
+class SafeClass:
+    def __unicode__(self):
+        return mark_safe(u'you &gt; me')
+
 # RESULT SYNTAX --
 # 'template_name': ('template contents', 'context dict',
 #                   'expected string output' or Exception class)
@ -227,4 +236,11 @@ def get_filter_tests():
        'chaining12': ('{% autoescape off %}{{ a|cut:"b"|safe }}{% endautoescape %}', {"a": "a < b"}, "a < "),
        'chaining13': ('{{ a|safe|force_escape }}', {"a": "a < b"}, "a &lt; b"),
        'chaining14': ('{% autoescape off %}{{ a|safe|force_escape }}{% endautoescape %}', {"a": "a < b"}, "a &lt; b"),
+
+        # Filters decorated with stringfilter still respect is_safe. 
+        'autoescape-stringfilter01': (r'{{ unsafe|capfirst }}', {'unsafe': UnsafeClass()}, 'You &amp; me'),
+        'autoescape-stringfilter02': (r'{% autoescape off %}{{ unsafe|capfirst }}{% endautoescape %}', {'unsafe': UnsafeClass()}, 'You & me'),
+        'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You &gt; me'),
+        'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You &gt; me'),
    }
+
--- a/tests/regressiontests/templates/tests.py
+++ b/tests/regressiontests/templates/tests.py
@ -899,7 +899,12 @@ class Templates(unittest.TestCase):

            # Literal string arguments to filters, if used in the result, are
            # safe.
-            'basic-syntax08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'),
+            'autoescape-tag08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'),
+
+            # Objects which return safe strings as their __unicode__ method
+            # won't get double-escaped.
+            'autoescape-tag09': (r'{{ unsafe }}', {'unsafe': filters.UnsafeClass()}, 'you &amp; me'),
+            'autoescape-tag10': (r'{{ safe }}', {'safe': filters.SafeClass()}, 'you &gt; me'),

            # The "safe" and "escape" filters cannot work due to internal
            # implementation details (fortunately, the (no)autoescape block