Erik Romijn
fa350e2f30
Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
...
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.
Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham
c36b60836b
Fixed #24451 -- Deprecated comma-separated {% cycle %} syntax.
2015-03-07 07:42:39 -05:00
Preston Timmons
70123cf084
Fixed #24399 -- Made filesystem loaders use more specific exceptions.
2015-03-03 21:20:46 +01:00
Preston Timmons
358850781f
Fixed #24372 - Replaced TokenParser usage with traditional parsing.
2015-03-02 18:25:28 -05:00
Corey Farwell
4fdc7015c0
Used dict comprehension in URLNode
...
4468c08d7
replaced a lot of the old `dict()` comprehensions
with the new style, but missed this one.
2015-03-02 08:50:27 -05:00
Preston Timmons
80d6b6b863
Fixed #24409 -- Combined the app_directories and filesystem loader implementation.
...
Besides the directories they look in, these two loaders are functionally
the same. This removes unnecessary code duplication between the two.
2015-03-02 07:53:58 -05:00
Aymeric Augustin
51b606f75d
Removed a non-obvious side-effect of assigning Context.template.
...
Explicit is better than implicit.
2015-02-20 22:27:48 +01:00
Aymeric Augustin
1bfcc950ab
Set context.template instead of context.engine while rendering.
...
This opens more possibilities, like accessing context.template.origin.
It also follows the chain of objects instead of following a shortcut.
2015-02-19 22:08:11 +01:00
Tim Graham
098fa12dd3
Refs #24324 -- Fixed crash in {% debug %} tag on Python 2.
...
If Django is installed in a path that contains non-ASCII characters,
the tag failed with UnicodeDecodeError.
2015-02-18 07:24:13 -05:00
Tim Graham
bad6280c4e
Refs #24324 -- Fixed get_app_template_dirs() UnicodeDecodeError on Python 2.
...
The function implemented most of upath(), but skipped the check for
strings that are already unicode.
2015-02-17 08:19:58 -05:00
Preston Timmons
ad9ecc2c20
Removed unnecessary __init__ definition from DebugLexer.
2015-02-16 19:00:02 +01:00
Aymeric Augustin
15b711b5ee
Deprecated TEMPLATE_DEBUG setting.
2015-02-15 20:47:04 +01:00
Aymeric Augustin
47ee7b48ad
Fixed #24338 -- Accepted Template wrapper in {% extends %}.
...
Explicitly checking for django.template.Template subclasses is
preferrable to duck-typing because both the django.template.Template and
django.template.backends.django.Template have a render() method.
Thanks spectras for the report.
2015-02-14 10:21:06 +01:00
Aymeric Augustin
f2c104ada6
Split DTL context creation into its own function.
...
This reduces the length of rope RequestContext gives users to hang
themselves with.
Thanks Alex Hill for the report and Tim Graham for the review.
2015-02-10 14:34:05 +01:00
Alex Gaynor
8099d33b65
Simplified the lazy CSRF token implementation in csrf context processor.
...
This significantly improves performance on PyPy. The previous
implementation would generate a new class on every single request,
which is relatively slow.
2015-02-08 15:02:43 -05:00
Collin Anderson
db77915c9f
Fixed E265 comment style
2015-02-06 09:30:35 -05:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Aymeric Augustin
44ad691558
Fixed #24265 -- Preserved template backend loading exceptions.
...
If importing or initializing a template backend fails, attempting to
access this template backend again must raise the same exception.
2015-02-05 20:06:18 +01:00
Aymeric Augustin
31d3a35579
Fixed #24273 -- Allowed copying RequestContext more than once.
...
Thanks Collin Anderson for the report.
2015-02-05 13:21:50 +01:00
Preston Timmons
5bc5ddd8b5
Fixed #24235 -- Removed is_usable attribute from template loaders.
2015-02-04 07:47:28 -05:00
Preston Timmons
cd4282816d
Fixed #18651 -- Enabled optional assignments for simple_tag().
2015-02-03 10:44:33 -05:00
Aymeric Augustin
2133f3157e
Fixed #24168 -- Allowed selecting a template engine in a few APIs.
...
Specifically in rendering shortcuts, template responses, and class-based
views that return template responses.
Also added a test for render_to_response(status=...) which was missing
from fdbfc980
.
Thanks Tim and Carl for the review.
2015-02-03 08:29:45 +01:00
David Robles
d60b96d988
Fixed typo in 'Django Template Language'
2015-01-17 03:05:28 +01:00
Aymeric Augustin
79deb6a071
Accounted for multiple template engines in template responses.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
a3e783fe11
Deprecated passing a Context to a generic Template.render.
...
A deprecation path is required because the return type of
django.template.loader.get_template changed during the
multiple template engines refactor.
test_csrf_token_in_404 was incorrect: it tested the case when the
hardcoded template was rendered, and that template doesn't depend on the
CSRF token. This commit makes it test the case when a custom template is
rendered.
2015-01-12 21:01:34 +01:00
Aymeric Augustin
71b7668b75
Rewrapped TemplateSyntaxError in Jinja2 backend.
...
Changed import style to avoid confusion between Django's and Jinja2's
APIs.
2015-01-12 21:01:34 +01:00
Ola Sitarska
d563e3be68
Fixed #23913 -- Deprecated the `=` comparison in `if` template tag.
2015-01-11 15:21:01 -05:00
Aymeric Augustin
eaa1a22341
Added a request argument to render_to_string.
...
This is for consistency with Template.render.
It adds a little bit of knowledge about HTTP requests in
django.template.loader but I think consistency trumps purity.
2015-01-07 21:54:22 +01:00
Aymeric Augustin
118592663d
Exposed Engine in the django.template namespace.
...
It's the main entrypoint to the refactored template system.
2015-01-07 21:54:22 +01:00
Aymeric Augustin
0cdb09d489
Made context take priority over context processors.
...
This is the expected behavior, but given RequestContext's tortuous
implementation, a straightforward use of its API results in the
opposite.
This commits fixes a regression that must have happened at different
points in the multiple templates engine refactor for different features.
2015-01-06 22:02:27 +01:00
Aymeric Augustin
ed220c4cbe
Added comments to remove Engine.render_to_string in Django 2.0.
...
Since this is a private API introduced in Django 1.8, no documentation
is required.
2015-01-06 22:02:26 +01:00
Preston Timmons
de9ebdd39c
Fixed #24022 -- Deprecated the ssi tag.
2015-01-05 19:35:02 -05:00
Aymeric Augustin
932d449f00
Explained the structure of django.template.
2014-12-28 17:02:31 +01:00
Aymeric Augustin
b7282db833
Raised a warning when using the legacy TEMPLATE_* settings.
...
All tests now rely on TEMPLATES.
2014-12-28 17:02:31 +01:00
Aymeric Augustin
9eb4f28e89
Deprecated TEMPLATE_CONTEXT_PROCESSORS.
2014-12-28 17:02:31 +01:00
Aymeric Augustin
84d7c93feb
Raised an error when allowed_include_roots is a string.
...
This avoids leaving projects silently vulnerable when this option is set
to a string instead of a one-item tuple containing that string, a very
common misconfiguration.
2014-12-28 17:02:29 +01:00
Aymeric Augustin
cf1f36bb6e
Deprecated current_app in TemplateResponse and render(_to_response).
2014-12-28 17:02:29 +01:00
Aymeric Augustin
e53495ba33
Preserved context class in inclusion_tag.
...
Previously, when a template was rendered with RequestContext, inclusion
tags were rendered with a plain context, losing additional information
available in the RequestContext.
The (admittedly bizarre) implementation of RequestContext.new() has the
side-effect of not running template context processors, making this
change backwards-compatible.
2014-12-28 17:02:29 +01:00
Aymeric Augustin
a0141f9eac
Simplified implementation of django.shortcuts.render(_to_response).
...
*args, **kwargs brought more confusion than concision.
2014-12-28 17:00:07 +01:00
Aymeric Augustin
92e8f1f302
Moved context_processors from django.core to django.template.
2014-12-28 17:00:07 +01:00
Aymeric Augustin
c599f233b1
Added a comment about the last use of Engine.get_default().
2014-12-28 17:00:07 +01:00
Aymeric Augustin
90805b240f
Supported multiple template engines in render_to_string.
...
Adjusted its API through a deprecation path according to the DEP.
2014-12-28 16:23:02 +01:00
Aymeric Augustin
f9a6ebf6f5
Removed extraneous arguments in Engine.from_string.
...
This aligns the Django Template Engine API with the common template
backend API.
2014-12-28 16:23:02 +01:00
Aymeric Augustin
f50a09f2cd
Removed private API get_template_from_string.
...
It wasn't documented and it wasn't used anywhere.
2014-12-28 16:23:01 +01:00
Aymeric Augustin
5523e4cdbb
Removed private API find_template.
...
It wasn't documented and it wasn't used anywhere, except in a few tests
that don't test it specifically and can be rewritten with get_template.
2014-12-28 16:23:01 +01:00
Aymeric Augustin
4ea43ac915
Supported multiple template engines in get_template and select_template.
...
This commit changes the return type of these two functions. Instead of
returning a django.template.Template they return a backend-specific
Template class that must implement render(self, context).
2014-12-28 16:23:01 +01:00
Aymeric Augustin
6854998c8f
Looked up the default template engine in the list of all engines.
2014-12-28 16:23:01 +01:00
Aymeric Augustin
b34b8a12b7
Passed a reference to the current engine when instantiating Template.
2014-12-28 16:23:00 +01:00
Aymeric Augustin
24dffaf0cb
Removed some uses of global APIs from django.template.loader.
2014-12-28 16:23:00 +01:00
Aymeric Augustin
1eca0e95cf
Added Django template backend.
2014-12-28 16:08:35 +01:00