Commit Graph

19 Commits

Author SHA1 Message Date
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Larry O'Neill 83b9bfea44 Fixed #21266 -- Fixed E201,E202 pep8 warnings. 2013-10-14 18:12:00 -04:00
Michael van Tellingen 138de533ff Fixed #19819 - Improved template filter errors handling.
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.

Since this error was otherwise caught by the compile_function try/except
block, the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str object.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Aymeric Augustin 3e8b40f479 Fixed #17992 -- Added a public API for localtime.
Thanks Bradley Ayers for the report.
2012-04-29 15:37:23 +02:00
Jannis Leidel 6f66b55108 Fixed #17255 -- Removed "as" prefix from new timezone template filter names for the sake of clarity. Cheers to Aymeric Augustin for bearing with me.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17107 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 15:00:08 +00:00
Aymeric Augustin 9b1cb755a2 Added support for time zones. Thanks Luke Plant for the review. Fixed #2626.
For more information on this project, see this thread:
http://groups.google.com/group/django-developers/browse_thread/thread/cf0423bbb85b1bbf



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17106 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 13:01:06 +00:00
Carl Meyer 4397c587a4 Fixed #16770 -- Eliminated TemplateSyntaxError wrapping of exceptions. Thanks to Justin Myles-Holmes for report and draft patch.
Exceptions raised in templates were previously wrapped in TemplateSyntaxError
(in TEMPLATE_DEBUG mode only) in order to provide template source details on
the debug 500 page. The same debug information is now provided by annotating
exceptions rather than wrapping them. This makes catching exceptions raised
from templates more sane, as it's consistent in or out of DEBUG, and you can
catch the specific exception(s) you care about rather than having to also catch
TemplateSyntaxError and unwrap it.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16833 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-16 01:16:25 +00:00
Jannis Leidel 958e049d4d Fixed #5831 -- Made sure the ForNode reports the correct source of an exception happening in one of the loops. Thanks, Charmless and vladmos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16605 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-12 14:15:17 +00:00
Jannis Leidel 24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Russell Keith-Magee 0be14b0b96 Fixed #12248 -- Refactored django.template to get code out of __init__.py, to help with avoiding circular import dependencies. Thanks to Tom Tobin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14722 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-27 05:47:30 +00:00
Russell Keith-Magee 20e09ca817 Fixed #14589 -- Corrected a copy-and-paste error introduced in r14395. Thanks to Adam McKerlie for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14397 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-30 04:28:43 +00:00
Russell Keith-Magee ccc49029b8 Fixed #14181 -- Added a template tag and filters to allow localization to be disabled in a template. Thanks to Benjamin Wohlwend for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14395 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-29 16:48:58 +00:00
Karen Tracey 50e46c017e Fixed #11461: Ensured complete traceback is available on the debug page when an exception is encountered during template rendering, even when running on Python 2.6 or higher. Thanks Glenn.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-08 17:01:21 +00:00
Jannis Leidel 9233d04265 Fixed #7980 - Improved i18n framework to support locale aware formatting (dates and numbers) and form processing.
Thanks to Marc Garcia for working on this during his Google Summer of Code 2009!

Additionally fixes #1061, #2203, #3940, #5526, #6449, #6231, #6693, #6783, #9366 and #10891.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11964 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-22 17:58:49 +00:00
Malcolm Tredinnick b5adaec4c2 Fixed #5884 -- Added better display error handling for template variables.
Combined work from Karen Tracey and Thomas Güttler.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7260 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-17 14:21:09 +00:00
Adrian Holovaty 6557dc954b Moved the various Debug classes in django.template to a new module, debug.py, so they're only loaded if DEBUG=True. This led to a DEBUG=False memory savings of one 4-KB memory block on my machine, according to ps
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6969 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-22 19:10:03 +00:00