Commit Graph

133 Commits

Author SHA1 Message Date
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Aymeric Augustin 6294bd3903 Encapsulated TEMPLATE_DEBUG in Engine. 2014-11-23 11:54:17 +01:00
Aymeric Augustin 47a131b944 Encapsulated TEMPLATE_STRING_IF_INVALID in Engine. 2014-11-23 11:53:53 +01:00
Aymeric Augustin 240ea67ce0 Move compile_string into the Engine class. 2014-11-23 11:52:25 +01:00
Aymeric Augustin 5b1bb40216 Added to each Context a reference to the Engine.
It's only available during the rendering.
2014-11-23 11:52:22 +01:00
Aymeric Augustin 572cdb4391 Introduced a template engine class.
Moved Django templates loading infrastructure there.
2014-11-23 09:29:53 +01:00
Aymeric Augustin a97e72aaab Simplified caching of templatetags modules. 2014-11-19 21:35:39 +01:00
Tim Graham 12809e1609 Fixed #23489 -- Added numpy 1.9+ support in template lookups 2014-09-29 19:51:39 -04:00
Tim Graham 1101467ce0 Limited lines to 119 characters in django/
refs #23395.
2014-09-05 09:22:16 -04:00
Anubhav Joshi 0dd05c9e66 Fixed #16383 -- Raised the AttributeError raised in property of an object when used in a template.
Thanks maraujop for the report and Hiroki and Tim Graham for review.
2014-07-31 09:13:55 -04:00
Tim Graham 20ec9daf7c Fixed #22933 -- Deprecated django.template.resolve_variable(). 2014-07-01 17:29:41 -04:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Patrick Robertson 6d18ab01d9 Removed incorrect statement from docstring
The docstring of FilterExpression said that it shouldn't be
instantiated from anywhere but the get_filters_from_token
helper function.

However, that helper function was deleted in commit
3ede006fc9 and FilterExpression
is instantiated from inside the compile_filter help function.
2014-02-23 12:33:29 +01:00
Baptiste Mispelon 34263c67b4 Moved the loader tags registration with the other builtins. 2014-01-19 20:11:32 +01:00
Aymeric Augustin 1716b7ce5a Renamed AppCache to Apps.
Also renamed app_cache to apps and "app cache" to "app registry".

Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Aymeric Augustin 2fef9e5375 Moved apps back in the toplevel django namespace.
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin 65cd74be8e Stopped iterating on INSTALLED_APPS.
Used the app cache's get_app_configs() method instead.
2013-12-22 11:39:18 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Tim Graham 98de90d3d8 Fixed spelling of compatibility. 2013-11-09 10:17:17 -05:00
Unai Zalakain 72f63bd24d Fixed #17529 -- get_template_from_string default arguments break
``get_template_from_string`` default arguments were breaking
``assertTemplateUsed``. The solution has been to return only the names of the
templates with a ``name`` attribute distinct of ``None``. The default ``name``
kwarg of ``Template`` has been changed to ``None``, more pythonic than ``'<Unknown
Template>'``.
2013-11-08 17:10:37 +01:00
Alex Gaynor fe995e6cbd Fixed the remaining E302 violations int eh django package 2013-11-02 17:37:15 -07:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Alex Gaynor ee48f4af99 Merge pull request #1848 from rayashmanjr/master
Correct flake8 violation E261
2013-11-02 12:34:34 -07:00
Ray Ashman Jr dcfc8fa972 Correct flake8 violation E261 2013-11-02 15:27:47 -04:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Alasdair Nicol a800036981 Fixed #21287 -- Fixed E123 pep8 warnings 2013-10-18 10:07:39 +01:00
Alasdair Nicol dfb4cb9970 Fixed #21285 -- Fixed E121,E122 pep8 warnings 2013-10-17 20:20:11 -04:00
Tim Graham 7fec5a2240 Fixed #7557 -- Added type checking to Variable initialization.
Thanks tobias for the suggestion and boblefrag and saz for work on the
patch.
2013-09-19 09:27:19 -04:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
Curtis Maloney 7c6f2ddcd9 Simplify FilterExpression.args_check 2013-09-09 09:03:50 -04:00
Baptiste Mispelon 28a571348b Fix #20745: Don't silence TypeError raised inside templates.
Thanks to robin for the report and claudep for the review.
2013-09-08 22:05:35 +02:00
Preston Timmons 8625c7aab3 Fixed #16096 -- Added origin attribute to template instances.
Thanks jdunck for the suggestion.
2013-09-06 09:14:52 -04:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Tim Graham 71b5617c24 Fixed #17778 -- Prevented class attributes on context from resolving as template variables.
Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.
2013-08-12 12:41:39 -04:00
Claude Paroz 5c1143910e Removed most of absolute_import imports
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Baptiste Mispelon ec371ace00 Fixed #20650 -- Fixed {% filter %} incorrectly accepting 'escape' as argument
Thanks to grzesiof for the report and to loic84 and Alex Gaynor
for the review.
2013-06-25 20:28:35 +02:00
Aymeric Augustin 9c487b5974 Replaced an antiquated pattern.
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Carl Meyer 3ded2aef71 Remove leading underscore from a function that's all growed up now.
This function is now the de facto standard function for rendering values in a
template, and is imported by two other built-in template modules. It shouldn't
have a leading underscore.
2013-02-25 00:33:29 -07:00
Julien Phalip 7d5e35cdb4 Fixed #19829 -- Fixed index lookups for NumPy arrays in templates. 2013-02-14 23:29:15 -08:00
Michael van Tellingen 138de533ff Fixed #19819 - Improved template filter errors handling.
Wrap the Parser.compile_filter method call with a try/except and call the
newly added Parser.compile_filter_error(). Overwrite this method in the
DebugParser to throw the correct error.

Since this error was otherwise catched by the compile_function try/except
block the debugger highlighted the wrong line.
2013-02-14 10:22:59 +01:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz dce34dc969 [py3] Made __repr__ return str with Python 3 2012-08-12 20:45:39 +02:00
Aymeric Augustin d4a0b27838 [py3] Refactored __unicode__ to __str__.
* Renamed the __unicode__ methods
* Applied the python_2_unicode_compatible decorator
* Removed the StrAndUnicode mix-in that is superseded by
  python_2_unicode_compatible
* Kept the __unicode__ methods in classes that specifically
  test it under Python 2
2012-08-12 14:44:40 +02:00
Aymeric Augustin 2bb2eecb63 [py3] Removed redundant __str__ methods.
These classes already have an identical __unicode__ method, which
will be used after an upcoming refactoring.
2012-08-12 14:44:40 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin ee191715ea [py3] Fixed access to dict keys/values/items. 2012-08-07 12:00:22 +02:00
Aymeric Augustin bdca5ea345 [py3] Replaced unicode/str by six.text_type/bytes. 2012-07-22 09:29:54 +02:00
Aymeric Augustin 3cb2457f46 [py3] Replaced basestring by six.string_types. 2012-07-22 09:29:54 +02:00
Chris Beaven c57ba67331 Fixed #14502 again -- saner verbatim closing token
Previously, the closing token for the verbatim tag was specified as the
first argument of the opening token. As pointed out by Jannis, this is
a rather major departure from the core tag standard.

The new method reflects how you can give a specific closing name to
{% block %} tags.
2012-06-19 10:49:33 +12:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Aymeric Augustin 4464bbba15 Fixed #14502 -- Added a verbatim template tag.
Thanks SmileyChris for the patch.
2012-06-07 09:59:14 +02:00
Claude Paroz 169b1a404c Replaced foo.next() by next(foo).
This new syntax for next() has been introduced in Python 2.6 and is
compatible with Python 3.
2012-05-10 20:15:49 +02:00
Aymeric Augustin ddfc7c2530 Fixed #4746 -- Allowed spaces around filter separator. 2012-04-30 21:01:06 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Aymeric Augustin 3e8b40f479 Fixed #17992 -- Added a public API for localtime.
Thanks Bradley Ayers for the report.
2012-04-29 15:37:23 +02:00
Adrian Holovaty d6d4d60109 Made a tiny performance improvement in the template system's Parser.parse() -- don't look up the global variables TOKEN_TEXT, etc.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17400 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-28 01:50:14 +00:00
Adrian Holovaty 234b7e3720 Made a small optimization to the template lexer. There's no need to calculate the len of VARIABLE_TAG_START, et al, each time we create a token.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17399 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-27 23:46:22 +00:00
Aymeric Augustin 959f78b3c6 Fixed #3100 -- Added support for arguments on intermediate tag tokens.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17186 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-09 22:10:52 +00:00
Aymeric Augustin c5a899b190 Fixed #16787 -- Restored the ability to {% load %} template tags libraries within packages. Thanks Ivan Sagalaev for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17133 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-21 10:28:12 +00:00
Jannis Leidel 6f66b55108 Fixed #17255 -- Removed "as" prefix from new timezone template filter names for the sake of clarity. Cheers to Aymeric Augustin for bearing with me.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17107 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 15:00:08 +00:00
Aymeric Augustin 9b1cb755a2 Added support for time zones. Thanks Luke Plant for the review. Fixed #2626.
For more information on this project, see this thread:
http://groups.google.com/group/django-developers/browse_thread/thread/cf0423bbb85b1bbf



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17106 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-18 13:01:06 +00:00
Aymeric Augustin d17bc72880 Fixed #17135 -- Made it possible to use decorators (like stringfilter) on template filter functions in combination with auto-escaping. Refs #16726.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17056 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-30 07:32:21 +00:00
Julien Phalip 26698bc851 Fixed #14806 -- Added support for contextual translations to the `trans` and `blocktrans` template tags. Thanks to jtiai for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17015 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-19 04:59:47 +00:00
Alex Gaynor 544a8372fd Remove several more relative imports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17007 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-17 16:56:18 +00:00
Alex Gaynor 3e940cdfd9 Simplify some code to have one loop, rather than two.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16959 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-11 20:43:11 +00:00
Alex Gaynor e35ba97740 Change some string literals to be unicode, because:
* It's the most micro of optimizations (forget I even said it)
    * It makes significantly more sense semantically, given these are functions which return unicode.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16957 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-11 17:36:05 +00:00
Julien Phalip 8137027fd7 Fixed #13956 -- Enabled `*args` and `**kwargs` support for `simple_tag`, `inclusion_tag` and `assignment_tag`. Many thanks to Stephen Burrows for the report and initial patch, to Gregor Müllegger for the initial tests, to SamBull for the suggestions, and to Jannis Leidel for the review and PEP8 cleanup.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16908 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-27 12:15:15 +00:00
Alex Gaynor dafb4951a7 Make a comment more accurate.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 19:45:16 +00:00
Jannis Leidel 24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Jannis Leidel 0ebaf10258 Fixed #11989 -- Allow passing a Template instance to inclusion_tag. Thanks to Jeremy Dunck and tcoenen.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16374 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-11 16:22:45 +00:00
Jannis Leidel d27f909d2e Fixed #12847 -- Added name parameter to simple_tag, assignment_tag and inclusion_tag helpers. Thanks, vladmos.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16373 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-11 16:05:28 +00:00
Jannis Leidel 950e05c3ff Fixed #14262 -- Added new assignment_tag as a simple way to assign the result of a template tag to a context variable. Thanks, Julien Phalip.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16149 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-03 11:52:42 +00:00
Jannis Leidel 0b1a061881 Replaced old-style with new-style decorator syntax.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-01 16:46:02 +00:00
Jannis Leidel 2ac4f175ec Fixed #15070 -- Also pass current_app and use_l10n in inclusion_tags. Thanks, raony, mk and goodtune.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16117 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-28 13:41:28 +00:00
Luke Plant 1286d78311 Fixed #15791 - method to signal that callable objects should not be called in templates
Thanks to ejucovy for the suggestion and patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16045 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-19 22:06:19 +00:00
Adrian Holovaty 13864703bc Removed a bunch more Python 2.4 workarounds now that we don't support that version. Refs #15702 -- thanks to jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15927 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 02:11:19 +00:00
Ramiro Morales 193f14d862 Fixed #15157 -- Modified evaluation of literals surrounded by _(' and ')' in templates to be evaluated at render time instead of at compile time by using ugettext_lazy. Thanks Jonathan S for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15327 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-26 15:12:18 +00:00
Chris Beaven df6ad35c56 Fixed #7153 -- _resolve_lookup now does a better job of resolving callables and correctly catches all silent_variable_exceptions
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14992 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-19 23:47:24 +00:00
Russell Keith-Magee 314fabc930 Fixed #14908 -- Added a 'takes_context' argument to simple_tag. Thanks to Julien Phalip for driving the issue and providing the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-19 15:00:50 +00:00
Ramiro Morales 23f69af454 Fixed #12201 -- Added a lineno attibute to template Token so e.g. we can report line numbers in errors during i18n literals extraction. Thanks madewulf for the report and Claude Paroz for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14813 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 17:42:54 +00:00
Russell Keith-Magee 0be14b0b96 Fixed #12248 -- Refactored django.template to get code out of __init__.py, to help with avoiding circular import dependencies. Thanks to Tom Tobin for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14722 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-27 05:47:30 +00:00