Commit Graph

197 Commits

Author SHA1 Message Date
Ned Batchelder 3b81dbe844 Used %r in the TextNode repr to show newlines better. 2015-06-30 09:54:18 -04:00
Luke Plant aef2a0ec59 Fixed #25018 -- Changed simple_tag to apply conditional_escape() to its output.
This is a security hardening fix to help prevent XSS (and incorrect HTML)
for the common use case of simple_tag.

Thanks to Tim Graham for the review.
2015-06-29 08:16:19 -04:00
Noam e291fc4757 Fixed #25031 -- Fixed a regression in the unordered_list template filter. 2015-06-27 09:37:41 -04:00
Tim Graham aaacaeb096 Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Matthew Somerville a391b17ad2 Fixed #23516 -- Added caching of include tag Template objects
This also speeds up for loops that render the same template
multiple times.
2015-06-06 09:25:11 -04:00
Tomáš Ehrlich 002b3d87b5 Fixed #24230 -- Added translated language name for i18n template tag/filter. 2015-06-02 16:04:01 -04:00
Paweł Marczewski 300e8baf94 Fixed #24847 -- Prevented items set on a RequestContext from being lost. 2015-05-27 10:04:57 -04:00
Preston Timmons 655f524915 Fixed #17085, #24783 -- Refactored template library registration.
* Converted the ``libraries`` and ``builtins`` globals of
  ``django.template.base`` into properties of the Engine class.
* Added a public API for explicit registration of libraries and builtins.
2015-05-21 09:12:06 -05:00
Simon Charette 8bf1449edb Refs #24652 -- Converted a template test to avoid executing queries. 2015-05-20 12:50:40 -04:00
Tim Graham 3b133ffb8b Fixed template_tests failure on Windows. 2015-04-28 07:55:27 -04:00
Preston Timmons fc21471526 Fixed #15053 -- Enabled recursive template loading. 2015-04-22 14:49:00 -05:00
Preston Timmons fb267a1d85 Updated template tests to create their own engine.
This continues work to treat Django templates as a library.
2015-04-20 09:11:37 -05:00
Tommy Beadle 6bfd864ff2 Fixed #24603 -- Allowed Context.update() to be used as a context manager. 2015-04-14 08:01:16 -04:00
Craig Oldford 75bc5bc634 Fixed #12199 -- Added the ability to use "as" with the firstof template tag. 2015-04-14 07:19:47 -04:00
Preston Timmons 0808ccce38 Fixed #23441, #24555 -- Improved the behavior of InclusionNode.
This change:

* Makes the InclusionNode cache-safe by removing render-time side effects
  to its nodelist.
* Ensures the render_context stack is properly scoped and reset by updating
  the render call to use Template.render rather than Nodelist.render.
2015-04-01 13:02:19 -04:00
Caroline Simpson dc5b01ad05 Fixed #18773 -- Added logging for template variable resolving
Added a django.template logger without a default handler. Added
logging if there is an exception while resolving variables in a
template.
2015-03-27 19:19:48 -04:00
Preston Timmons 55f12f8709 Cleaned up the template debug implementation.
This patch does three major things:

* Merges the django.template.debug implementation into django.template.base.

* Simplifies the debug implementation.

  The old implementation copied debug information to every token and node.
  The django_template_source attribute was set in multiple places, some
  quite hacky, like django.template.defaulttags.ForNode.

  Debug information is now annotated in two high-level places:

  * Template.compile_nodelist for errors during parsing
  * Node.render_annotated for errors during rendering

  These were chosen because they have access to the template and context
  as well as to all exceptions that happen during either the parse or
  render phase.

* Moves the contextual line traceback information creation from
  django.views.debug into django.template.base.Template. The debug views now
  only deal with the presentation of the debug information.
2015-03-20 08:58:07 -04:00
Preston Timmons 388e79e9fc Fixed #24493 -- Added BaseContext.setdefault() 2015-03-16 13:13:02 -04:00
Tim Graham 3ed9c7bdfe Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets. 2015-03-10 19:24:46 -04:00
Tim Graham 7b1a67cce5 Fixed escaping regression in urlize filter.
Now that the URL is always unescaped as of refs #22267,
we should re-escape it before inserting it into the anchor.
2015-03-10 18:58:34 -04:00
Erik Romijn fa350e2f30 Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.
This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.
2015-03-09 09:29:58 -04:00
Tim Graham c36b60836b Fixed #24451 -- Deprecated comma-separated {% cycle %} syntax. 2015-03-07 07:42:39 -05:00
Claude Paroz ec808e807a Fixed urlize regression with entities in query strings
Refs #22267.
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
2015-03-06 22:20:14 +01:00
Preston Timmons fb7d681705 Fixed test_notafile_error to pass on Windows.
This test failed because a different error code is raised on Windows when
opening a directory. Since the particular message isn't as important to this
test as the fact that the original IOError is reraised, this fixes the test
by making the assertion more generic.
2015-03-05 12:14:19 -05:00
Preston Timmons 70123cf084 Fixed #24399 -- Made filesystem loaders use more specific exceptions. 2015-03-03 21:20:46 +01:00
Preston Timmons 358850781f Fixed #24372 - Replaced TokenParser usage with traditional parsing. 2015-03-02 18:25:28 -05:00
Preston Timmons 80d6b6b863 Fixed #24409 -- Combined the app_directories and filesystem loader implementation.
Besides the directories they look in, these two loaders are functionally
the same. This removes unnecessary code duplication between the two.
2015-03-02 07:53:58 -05:00
Preston Timmons 8e129b42ad Cleaned up template directory handling in template tests. 2015-02-24 14:00:03 +01:00
Preston Timmons 32c108a221 Combined TemplateTests and TemplateRegressionTests. 2015-02-24 14:00:03 +01:00
Preston Timmons 25a0b5cdcd Moved test_token_smart_split into ParserTests. 2015-02-24 14:00:03 +01:00
Preston Timmons 3d8fee6051 Moved ifchanged tests into syntax_tests/test_if_changed.py. 2015-02-24 14:00:02 +01:00
Preston Timmons f6d087b628 Moved cache tests into syntax_tests/test_cache.py. 2015-02-24 14:00:02 +01:00
Preston Timmons 250a3d1993 Moved RequestContextTests into test_context. 2015-02-24 14:00:02 +01:00
Preston Timmons ff67ce5076 Moved TemplateTagLoading cases into test_custom. 2015-02-24 14:00:02 +01:00
Preston Timmons 06ffc764a9 Moved include tests into syntax_tests/test_include.py. 2015-02-24 14:00:02 +01:00
Preston Timmons 441a47e1ef Moved ssi tests into syntax_tests/test_ssi.py. 2015-02-24 14:00:02 +01:00
Preston Timmons 1827aa9024 Cleaned up template loader tests. 2015-02-24 14:00:02 +01:00
Aymeric Augustin 1bfcc950ab Set context.template instead of context.engine while rendering.
This opens more possibilities, like accessing context.template.origin.

It also follows the chain of objects instead of following a shortcut.
2015-02-19 22:08:11 +01:00
Tim Graham 307c0f299a Refs #24324 -- Fixed Python 2 test failures when path to Django source contains non-ASCII characters. 2015-02-17 19:03:03 -05:00
Aymeric Augustin 15b711b5ee Deprecated TEMPLATE_DEBUG setting. 2015-02-15 20:47:04 +01:00
Aymeric Augustin 47ee7b48ad Fixed #24338 -- Accepted Template wrapper in {% extends %}.
Explicitly checking for django.template.Template subclasses is
preferrable to duck-typing because both the django.template.Template and
django.template.backends.django.Template have a render() method.

Thanks spectras for the report.
2015-02-14 10:21:06 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Aymeric Augustin 31d3a35579 Fixed #24273 -- Allowed copying RequestContext more than once.
Thanks Collin Anderson for the report.
2015-02-05 13:21:50 +01:00
Preston Timmons 23c4cbc0fa Cleaned up formatting in template_tests.test_custom. 2015-02-04 09:47:24 -05:00
darkryder 9ec8aa5e5d Fixed #24149 -- Normalized tuple settings to lists. 2015-02-03 14:59:45 -05:00
Preston Timmons cd4282816d Fixed #18651 -- Enabled optional assignments for simple_tag(). 2015-02-03 10:44:33 -05:00
Aymeric Augustin 2133f3157e Fixed #24168 -- Allowed selecting a template engine in a few APIs.
Specifically in rendering shortcuts, template responses, and class-based
views that return template responses.

Also added a test for render_to_response(status=...) which was missing
from fdbfc980.

Thanks Tim and Carl for the review.
2015-02-03 08:29:45 +01:00
Tim Graham b84100e8e2 Removed usage of deprecated removetags in a template test. 2015-01-18 18:32:47 -05:00
Tim Graham bd93032191 Removed ssi/url tags from future per deprecation timeline; refs #21939. 2015-01-17 13:29:52 -05:00
Aymeric Augustin 79deb6a071 Accounted for multiple template engines in template responses. 2015-01-12 21:01:34 +01:00