Fixed #10369 -- Fixed auto-escaping inside "tran" and "blocktrans" tags.
Patch from Andrew Badr. git-svn-id: http://code.djangoproject.com/svn/django/trunk@10519 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
d18f75af44
commit
b1a5db37e6
|
@ -802,6 +802,18 @@ class TextNode(Node):
|
||||||
def render(self, context):
|
def render(self, context):
|
||||||
return self.s
|
return self.s
|
||||||
|
|
||||||
|
def _render_value_in_context(value, context):
|
||||||
|
"""
|
||||||
|
Converts any value to a string to become part of a rendered template. This
|
||||||
|
means escaping, if required, and conversion to a unicode object. If value
|
||||||
|
is a string, it is expected to have already been translated.
|
||||||
|
"""
|
||||||
|
value = force_unicode(value)
|
||||||
|
if (context.autoescape and not isinstance(value, SafeData)) or isinstance(value, EscapeData):
|
||||||
|
return escape(value)
|
||||||
|
else:
|
||||||
|
return value
|
||||||
|
|
||||||
class VariableNode(Node):
|
class VariableNode(Node):
|
||||||
def __init__(self, filter_expression):
|
def __init__(self, filter_expression):
|
||||||
self.filter_expression = filter_expression
|
self.filter_expression = filter_expression
|
||||||
|
@ -811,15 +823,12 @@ class VariableNode(Node):
|
||||||
|
|
||||||
def render(self, context):
|
def render(self, context):
|
||||||
try:
|
try:
|
||||||
output = force_unicode(self.filter_expression.resolve(context))
|
output = self.filter_expression.resolve(context)
|
||||||
except UnicodeDecodeError:
|
except UnicodeDecodeError:
|
||||||
# Unicode conversion can fail sometimes for reasons out of our
|
# Unicode conversion can fail sometimes for reasons out of our
|
||||||
# control (e.g. exception rendering). In that case, we fail quietly.
|
# control (e.g. exception rendering). In that case, we fail quietly.
|
||||||
return ''
|
return ''
|
||||||
if (context.autoescape and not isinstance(output, SafeData)) or isinstance(output, EscapeData):
|
return _render_value_in_context(output, context)
|
||||||
return force_unicode(escape(output))
|
|
||||||
else:
|
|
||||||
return force_unicode(output)
|
|
||||||
|
|
||||||
def generic_tag_compiler(params, defaults, name, node_class, parser, token):
|
def generic_tag_compiler(params, defaults, name, node_class, parser, token):
|
||||||
"Returns a template.Node subclass."
|
"Returns a template.Node subclass."
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
import re
|
import re
|
||||||
|
|
||||||
from django.template import Node, Variable, VariableNode
|
from django.template import Node, Variable, VariableNode, _render_value_in_context
|
||||||
from django.template import TemplateSyntaxError, TokenParser, Library
|
from django.template import TemplateSyntaxError, TokenParser, Library
|
||||||
from django.template import TOKEN_TEXT, TOKEN_VAR
|
from django.template import TOKEN_TEXT, TOKEN_VAR
|
||||||
from django.utils import translation
|
from django.utils import translation
|
||||||
|
@ -43,7 +43,7 @@ class TranslateNode(Node):
|
||||||
if self.noop:
|
if self.noop:
|
||||||
return value
|
return value
|
||||||
else:
|
else:
|
||||||
return translation.ugettext(value)
|
return _render_value_in_context(translation.ugettext(value), context)
|
||||||
|
|
||||||
class BlockTranslateNode(Node):
|
class BlockTranslateNode(Node):
|
||||||
def __init__(self, extra_context, singular, plural=None, countervar=None,
|
def __init__(self, extra_context, singular, plural=None, countervar=None,
|
||||||
|
@ -82,7 +82,7 @@ class BlockTranslateNode(Node):
|
||||||
result = translation.ugettext(singular)
|
result = translation.ugettext(singular)
|
||||||
# Escape all isolated '%' before substituting in the context.
|
# Escape all isolated '%' before substituting in the context.
|
||||||
result = re.sub(u'%(?!\()', u'%%', result)
|
result = re.sub(u'%(?!\()', u'%%', result)
|
||||||
data = dict([(v, force_unicode(context[v])) for v in vars])
|
data = dict([(v, _render_value_in_context(context[v], context)) for v in vars])
|
||||||
context.pop()
|
context.pop()
|
||||||
return result % data
|
return result % data
|
||||||
|
|
||||||
|
|
|
@ -851,10 +851,14 @@ class Templates(unittest.TestCase):
|
||||||
'i18n15': ('{{ absent|default:_("Password") }}', {'LANGUAGE_CODE': 'de', 'absent': ""}, 'Passwort'),
|
'i18n15': ('{{ absent|default:_("Password") }}', {'LANGUAGE_CODE': 'de', 'absent': ""}, 'Passwort'),
|
||||||
'i18n16': ('{{ _("<") }}', {'LANGUAGE_CODE': 'de'}, '<'),
|
'i18n16': ('{{ _("<") }}', {'LANGUAGE_CODE': 'de'}, '<'),
|
||||||
|
|
||||||
# Escaping inside blocktrans works as if it was directly in the
|
# Escaping inside blocktrans and trans works as if it was directly in the
|
||||||
# template.
|
# template.
|
||||||
'i18n17': ('{% load i18n %}{% blocktrans with anton|escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α & β'),
|
'i18n17': ('{% load i18n %}{% blocktrans with anton|escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α & β'),
|
||||||
'i18n18': ('{% load i18n %}{% blocktrans with anton|force_escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α & β'),
|
'i18n18': ('{% load i18n %}{% blocktrans with anton|force_escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α & β'),
|
||||||
|
'i18n19': ('{% load i18n %}{% blocktrans %}{{ andrew }}{% endblocktrans %}', {'andrew': 'a & b'}, u'a & b'),
|
||||||
|
'i18n20': ('{% load i18n %}{% trans andrew %}', {'andrew': 'a & b'}, u'a & b'),
|
||||||
|
'i18n21': ('{% load i18n %}{% blocktrans %}{{ andrew }}{% endblocktrans %}', {'andrew': mark_safe('a & b')}, u'a & b'),
|
||||||
|
'i18n22': ('{% load i18n %}{% trans andrew %}', {'andrew': mark_safe('a & b')}, u'a & b'),
|
||||||
|
|
||||||
### HANDLING OF TEMPLATE_STRING_IF_INVALID ###################################
|
### HANDLING OF TEMPLATE_STRING_IF_INVALID ###################################
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue