Fixed #11413 -- Added notes on the cycle and firstof tag detailing that variables output by those tags will not be escaped by default. Thanks to krystal for the report and draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11163 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent f5ed3f4085
commit 6ed0345092
|
@ -564,7 +564,7 @@ do_filter = register.tag("filter", do_filter)
|
||||||
#@register.tag
|
#@register.tag
|
||||||
def firstof(parser, token):
|
def firstof(parser, token):
|
||||||
"""
|
"""
|
||||||
Outputs the first variable passed that is not False.
|
Outputs the first variable passed that is not False, without escaping.
|
||||||
|
|
||||||
Outputs nothing if all the passed variables are False.
|
Outputs nothing if all the passed variables are False.
|
||||||
|
|
||||||
|
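Review bot: the new summary line "Outputs the first variable passed that is not False, without escaping." states the behaviour but not its scope, so a reader cannot tell whether it holds when autoescaping is enabled. Suggest saying so explicitly, for example "The output is not escaped, even when autoescaping is on", which is what the `|safe` equivalence later in this docstring implies.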
@ -575,11 +575,11 @@ def firstof(parser, token):
|
||||||
This is equivalent to::
|
This is equivalent to::
|
||||||
|
|
||||||
{% if var1 %}
|
{% if var1 %}
|
||||||
{{ var1 }}
|
{{ var1|safe }}
|
||||||
{% else %}{% if var2 %}
|
{% else %}{% if var2 %}
|
||||||
{{ var2 }}
|
{{ var2|safe }}
|
||||||
{% else %}{% if var3 %}
|
{% else %}{% if var3 %}
|
||||||
{{ var3 }}
|
{{ var3|safe }}
|
||||||
{% endif %}{% endif %}{% endif %}
|
{% endif %}{% endif %}{% endif %}
|
||||||
|
|
||||||
but obviously much cleaner!
|
but obviously much cleaner!
|
||||||
|
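Review bot: the rewritten equivalence uses `{{ var1|safe }}`, `{{ var2|safe }}` and `{{ var3|safe }}`, which is accurate, but it presents `safe` on arbitrary variables as the thing `firstof` is shorthand for and is followed directly by "but obviously much cleaner!". Add one sentence at this point saying the values are emitted without escaping, so they must either be trusted or be escaped by the template author.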
@ -589,6 +589,12 @@ def firstof(parser, token):
|
||||||
|
|
||||||
{% firstof var1 var2 var3 "fallback value" %}
|
{% firstof var1 var2 var3 "fallback value" %}
|
||||||
|
|
||||||
|
If you want to escape the output, use a filter tag::
|
||||||
|
|
||||||
|
{% filter force_escape %}
|
||||||
|
{% firstof var1 var2 var3 "fallback value" %}
|
||||||
|
{% endfilter %}
|
||||||
|
|
||||||
"""
|
"""
|
||||||
bits = token.split_contents()[1:]
|
bits = token.split_contents()[1:]
|
||||||
if len(bits) < 1:
|
if len(bits) < 1:
|
||||||
|
|
|
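Review bot: in the added `{% filter force_escape %}` example the filter is applied to the whole output of the tag, so it also escapes the literal "fallback value" and escapes again any variable whose value was already escaped. The docstring should mention this, since a template author who wraps `firstof` this way can end up with double-escaped entities in the rendered page.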
@ -101,6 +101,14 @@ You can use any number of values in a ``{% cycle %}`` tag, separated by spaces.
|
||||||
Values enclosed in single (``'``) or double quotes (``"``) are treated as
|
Values enclosed in single (``'``) or double quotes (``"``) are treated as
|
||||||
string literals, while values without quotes are treated as template variables.
|
string literals, while values without quotes are treated as template variables.
|
||||||
|
|
||||||
|
Note that the variables included in the cycle will not be escaped. This is
|
||||||
|
because template tags do not escape their content. If you want to escape the
|
||||||
|
variables in the cycle, you must do so explicitly::
|
||||||
|
|
||||||
|
{% filter force_escape %}
|
||||||
|
{% cycle var1 var2 var3 %}
|
||||||
|
{% endfilter %}
|
||||||
|
|
||||||
For backwards compatibility, the ``{% cycle %}`` tag supports the much inferior
|
For backwards compatibility, the ``{% cycle %}`` tag supports the much inferior
|
||||||
old syntax from previous Django versions. You shouldn't use this in any new
|
old syntax from previous Django versions. You shouldn't use this in any new
|
||||||
projects, but for the sake of the people who are still using it, here's what it
|
projects, but for the sake of the people who are still using it, here's what it
|
||||||
|
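Review bot: the added paragraph says the variables "will not be escaped" but not what that means for the rendered page; with autoescaping on, a reader would expect `{% cycle var1 var2 var3 %}` to behave like `{{ var1 }}`. Suggest stating that HTML in the variable values is output as-is, and setting the paragraph off as an admonition so it is not lost between the quoting rules and the backwards-compatibility paragraph.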
@ -160,8 +168,9 @@ Sample usage::
|
||||||
firstof
|
firstof
|
||||||
~~~~~~~
|
~~~~~~~
|
||||||
|
|
||||||
Outputs the first variable passed that is not False. Outputs nothing if all the
|
Outputs the first variable passed that is not False, without escaping.
|
||||||
passed variables are False.
|
|
||||||
|
Outputs nothing if all the passed variables are False.
|
||||||
|
|
||||||
Sample usage::
|
Sample usage::
|
||||||
|
|
||||||
|
@ -170,11 +179,11 @@ Sample usage::
|
||||||
This is equivalent to::
|
This is equivalent to::
|
||||||
|
|
||||||
{% if var1 %}
|
{% if var1 %}
|
||||||
{{ var1 }}
|
{{ var1|safe }}
|
||||||
{% else %}{% if var2 %}
|
{% else %}{% if var2 %}
|
||||||
{{ var2 }}
|
{{ var2|safe }}
|
||||||
{% else %}{% if var3 %}
|
{% else %}{% if var3 %}
|
||||||
{{ var3 }}
|
{{ var3|safe }}
|
||||||
{% endif %}{% endif %}{% endif %}
|
{% endif %}{% endif %}{% endif %}
|
||||||
|
|
||||||
You can also use a literal string as a fallback value in case all
|
You can also use a literal string as a fallback value in case all
|
||||||
|
@ -182,6 +191,14 @@ passed variables are False::
|
||||||
|
|
||||||
{% firstof var1 var2 var3 "fallback value" %}
|
{% firstof var1 var2 var3 "fallback value" %}
|
||||||
|
|
||||||
|
Note that the variables included in the firstof tag will not be escaped. This
|
||||||
|
is because template tags do not escape their content. If you want to escape
|
||||||
|
the variables in the firstof tag, you must do so explicitly::
|
||||||
|
|
||||||
|
{% filter force_escape %}
|
||||||
|
{% firstof var1 var2 var3 "fallback value" %}
|
||||||
|
{% endfilter %}
|
||||||
|
|
||||||
.. templatetag:: for
|
.. templatetag:: for
|
||||||
|
|
||||||
for
|
for
|
||||||
|
|
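Review bot: "This is because template tags do not escape their content" is worded as a rule for every tag, while this change documents it only for `cycle` and `firstof`, and the same paragraph is now duplicated in both sections. Either scope the sentence to the tag being described or state the general rule once and refer to it from each tag, so the two copies do not drift apart.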