Commit Graph

30 Commits

Author SHA1 Message Date
Sergey Fedoseev 857f860d56 Removed unneded str() calls prior to mark_safe(); simplified mark_safe(). 2018-07-09 11:25:11 -04:00
Anton Samarchyan 9718fa2e8a Refs #27656 -- Updated django.utils docstring verbs according to PEP 257. 2017-02-11 16:11:08 -05:00
Claude Paroz ccfd1295f9 Refs #27795 -- Prevented SafeText from losing safe status on str()
This will allow to replace force_text() by str() in several places (as one of
the features of force_text is to keep the safe status).
2017-01-30 21:10:32 +01:00
Claude Paroz 52138b1fd0 Refs #23919 -- Removed usage of obsolete SafeBytes class
The class will be removed as part of #27753.
Thanks Tim Graham for the review.
2017-01-30 15:04:45 +01:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Tim Graham 60ca37d2e5 Refs #24046 -- Removed mark_for_escaping() per deprecation timeline. 2017-01-17 20:52:04 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Scott Vitale be729b6120 Fixed #10107 -- Allowed using mark_safe() as a decorator.
Thanks ArcTanSusan for the initial patch.
2016-06-07 12:24:03 -04:00
Tim Graham 2f0e0eee45 Fixed #24046 -- Deprecated the "escape" half of utils.safestring. 2016-05-10 12:46:47 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Aymeric Augustin 6d52f6f8e6 Fixed #23831 -- Supported strings escaped by third-party libs in Django.
Refs #7261 -- Made strings escaped by Django usable in third-party libs.

The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.

Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.

Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.

Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.

Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:

    if isinstance(text, SafeData):
        return text
    else:
        return escape(text)

render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.

This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.

Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Aymeric Augustin 5c5eb5fea4 Fixed an inconsistency introduced in 547b1810.
mark_safe and mark_for_escaping should have been kept similar.

On Python 2 this change has no effect. On Python 3 it fixes the use case
shown in the regression test for mark_for_escaping, which used to raise
a TypeError. The regression test for mark_safe is just for completeness.
2014-12-27 17:44:54 +01:00
Baptiste Mispelon a878bf9b09 Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy"
This reverts commit 2ee447fb5f.

That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.

Refs #21882.
2014-02-05 21:22:40 +01:00
Ray Ashman Jr e2ae8b048e Correct flake8 E302 violations 2013-11-02 19:53:29 -04:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Unai Zalakain af64429b99 Fixed #7261 -- support for __html__ for library interoperability
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.

This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
Tim Graham 1dae4ac177 Whitespace cleanup.
* Removed trailing whitespace.
* Added newline to EOF if missing.
* Removed blank lines at EOF.
* Removed some stray tabs.
2013-10-10 16:49:20 -04:00
Baptiste Mispelon 2ee447fb5f Fixed #20296 -- Allowed SafeData and EscapeData to be lazy 2013-05-25 16:06:44 +02:00
Aymeric Augustin 547b181046 [py3] Ported django.utils.safestring.
Backwards compatibility aliases were created under Python 2.
2012-08-18 16:04:06 +02:00
Aymeric Augustin fe8484efda [py3] Ported django.utils.functional. 2012-08-07 12:00:23 +02:00
Aymeric Augustin bdca5ea345 [py3] Replaced unicode/str by six.text_type/bytes. 2012-07-22 09:29:54 +02:00
Malcolm Tredinnick 2e62b84acc Fixed #6071 -- Fixed another infinite recursion problem in SafeString and
SafeUnicode. Thanks, Trey Long.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6845 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-02 20:17:10 +00:00
Malcolm Tredinnick b2dbbd5bbc Fixed #6021 -- Removed some brain damage from SafeString. Not quite sure what I
was smoking there. Thanks, Jan Rademaker.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-01 20:08:45 +00:00
Malcolm Tredinnick ce73298e26 Fixed #5960 -- Fixed some Python 2.3 incompatibilities.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6685 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17 12:58:06 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00