Fixed #10369 -- Fixed auto-escaping inside "tran" and "blocktrans" tags.

Patch from Andrew Badr.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10519 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2009-04-11 12:03:52 +00:00
parent d18f75af44
commit b1a5db37e6
3 changed files with 22 additions and 9 deletions

View File

@ -802,6 +802,18 @@ class TextNode(Node):
def render(self, context): def render(self, context):
return self.s return self.s
def _render_value_in_context(value, context):
"""
Converts any value to a string to become part of a rendered template. This
means escaping, if required, and conversion to a unicode object. If value
is a string, it is expected to have already been translated.
"""
value = force_unicode(value)
if (context.autoescape and not isinstance(value, SafeData)) or isinstance(value, EscapeData):
return escape(value)
else:
return value
class VariableNode(Node): class VariableNode(Node):
def __init__(self, filter_expression): def __init__(self, filter_expression):
self.filter_expression = filter_expression self.filter_expression = filter_expression
@ -811,15 +823,12 @@ class VariableNode(Node):
def render(self, context): def render(self, context):
try: try:
output = force_unicode(self.filter_expression.resolve(context)) output = self.filter_expression.resolve(context)
except UnicodeDecodeError: except UnicodeDecodeError:
# Unicode conversion can fail sometimes for reasons out of our # Unicode conversion can fail sometimes for reasons out of our
# control (e.g. exception rendering). In that case, we fail quietly. # control (e.g. exception rendering). In that case, we fail quietly.
return '' return ''
if (context.autoescape and not isinstance(output, SafeData)) or isinstance(output, EscapeData): return _render_value_in_context(output, context)
return force_unicode(escape(output))
else:
return force_unicode(output)
def generic_tag_compiler(params, defaults, name, node_class, parser, token): def generic_tag_compiler(params, defaults, name, node_class, parser, token):
"Returns a template.Node subclass." "Returns a template.Node subclass."

View File

@ -1,6 +1,6 @@
import re import re
from django.template import Node, Variable, VariableNode from django.template import Node, Variable, VariableNode, _render_value_in_context
from django.template import TemplateSyntaxError, TokenParser, Library from django.template import TemplateSyntaxError, TokenParser, Library
from django.template import TOKEN_TEXT, TOKEN_VAR from django.template import TOKEN_TEXT, TOKEN_VAR
from django.utils import translation from django.utils import translation
@ -43,7 +43,7 @@ class TranslateNode(Node):
if self.noop: if self.noop:
return value return value
else: else:
return translation.ugettext(value) return _render_value_in_context(translation.ugettext(value), context)
class BlockTranslateNode(Node): class BlockTranslateNode(Node):
def __init__(self, extra_context, singular, plural=None, countervar=None, def __init__(self, extra_context, singular, plural=None, countervar=None,
@ -82,7 +82,7 @@ class BlockTranslateNode(Node):
result = translation.ugettext(singular) result = translation.ugettext(singular)
# Escape all isolated '%' before substituting in the context. # Escape all isolated '%' before substituting in the context.
result = re.sub(u'%(?!\()', u'%%', result) result = re.sub(u'%(?!\()', u'%%', result)
data = dict([(v, force_unicode(context[v])) for v in vars]) data = dict([(v, _render_value_in_context(context[v], context)) for v in vars])
context.pop() context.pop()
return result % data return result % data

View File

@ -851,10 +851,14 @@ class Templates(unittest.TestCase):
'i18n15': ('{{ absent|default:_("Password") }}', {'LANGUAGE_CODE': 'de', 'absent': ""}, 'Passwort'), 'i18n15': ('{{ absent|default:_("Password") }}', {'LANGUAGE_CODE': 'de', 'absent': ""}, 'Passwort'),
'i18n16': ('{{ _("<") }}', {'LANGUAGE_CODE': 'de'}, '<'), 'i18n16': ('{{ _("<") }}', {'LANGUAGE_CODE': 'de'}, '<'),
# Escaping inside blocktrans works as if it was directly in the # Escaping inside blocktrans and trans works as if it was directly in the
# template. # template.
'i18n17': ('{% load i18n %}{% blocktrans with anton|escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'), 'i18n17': ('{% load i18n %}{% blocktrans with anton|escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'),
'i18n18': ('{% load i18n %}{% blocktrans with anton|force_escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'), 'i18n18': ('{% load i18n %}{% blocktrans with anton|force_escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'),
'i18n19': ('{% load i18n %}{% blocktrans %}{{ andrew }}{% endblocktrans %}', {'andrew': 'a & b'}, u'a &amp; b'),
'i18n20': ('{% load i18n %}{% trans andrew %}', {'andrew': 'a & b'}, u'a &amp; b'),
'i18n21': ('{% load i18n %}{% blocktrans %}{{ andrew }}{% endblocktrans %}', {'andrew': mark_safe('a & b')}, u'a & b'),
'i18n22': ('{% load i18n %}{% trans andrew %}', {'andrew': mark_safe('a & b')}, u'a & b'),
### HANDLING OF TEMPLATE_STRING_IF_INVALID ################################### ### HANDLING OF TEMPLATE_STRING_IF_INVALID ###################################