Aymeric Augustin
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Jon Dufresne
4468c08d70
Fixed #23968 -- Replaced list comprehension with generators and dict comprehension
2014-12-08 07:58:23 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Baptiste Mispelon
c335c0fee9
Fixed #23914 -- Improved {% now %} to allow storing its result in the context.
...
Thanks to Tim for the review.
2014-11-25 22:11:35 +01:00
Aymeric Augustin
6294bd3903
Encapsulated TEMPLATE_DEBUG in Engine.
2014-11-23 11:54:17 +01:00
Aymeric Augustin
47a131b944
Encapsulated TEMPLATE_STRING_IF_INVALID in Engine.
2014-11-23 11:53:53 +01:00
Aymeric Augustin
37505b6397
Encapsulated TEMPLATE_CONTEXT_PROCESSORS in Engine.
...
Since RequestContext doesn't know its Engine until it's passed to
Template.render() -- and cannot without breaking a widely used public
API -- an elaborate hack is required to apply context processors.
2014-11-23 11:53:18 +01:00
Aymeric Augustin
98ac69af53
Encapsulated ALLOWED_INCLUDE_ROOTS in Engine.
2014-11-23 11:52:54 +01:00
Aymeric Augustin
246cfdeae3
Moved make_origin into the Engine class.
2014-11-23 11:52:45 +01:00
Aymeric Augustin
240ea67ce0
Move compile_string into the Engine class.
2014-11-23 11:52:25 +01:00
Aymeric Augustin
5b1bb40216
Added to each Context a reference to the Engine.
...
It's only available during the rendering.
2014-11-23 11:52:22 +01:00
Aymeric Augustin
a2dd08666c
Removed dependency of template loaders on Django settings.
2014-11-23 11:52:14 +01:00
Aymeric Augustin
29a977ab14
Moved template loaders management in Engine.
...
Passed the engine instance to loaders. This is a prerequisite for
looking up configuration on the engine instance instead of global
settings.
This is backwards incompatible for custom template loaders that override
__init__. However the documentation doesn't talk about __init__ and the
way to pass arguments to custom template loaders isn't specified. I'm
considering it a private API.
2014-11-23 11:52:12 +01:00
Aymeric Augustin
544a716da8
Removed unused API get_template_loaders.
...
It was introduced in a recent refactoring so this isn't an issue.
Then renamed _get_template_loaders to get_template_loaders.
2014-11-23 11:51:31 +01:00
Aymeric Augustin
572cdb4391
Introduced a template engine class.
...
Moved Django templates loading infrastructure there.
2014-11-23 09:29:53 +01:00
Aymeric Augustin
17012b6936
Deprecated dirs argument to override TEMPLATE_DIRS.
...
Cancels 2f0566fa
. Refs #4278 .
2014-11-23 09:29:33 +01:00
Aymeric Augustin
7331788300
Avoided rewrapping Contexts in render_to_response.
...
This change preserves backwards-compatibility for a very common misuse
of render_to_response which even occurred in the official documentation.
It fixes that misuse wherever it happened in the code base and docs.
Context.__init__ is documented as accepting a dict and nothing else.
Since Context is dict-like, Context(Context({})) could work to some
extent. However, things get complicated with RequestContext and that
gets in the way of refactoring the template engine. This is the real
rationale for this change.
2014-11-22 17:58:38 +01:00
Aymeric Augustin
f88ad710fa
Simplified caching of template context processors.
2014-11-19 21:35:39 +01:00
Aymeric Augustin
a97e72aaab
Simplified caching of templatetags modules.
2014-11-19 21:35:39 +01:00
Aymeric Augustin
fab26cf5e0
Removed support for function-based template loaders.
...
They were deprecated in Django 1.2 but not all the supporting code was
removed in Django 1.4. Since the remaining code was unlikely to be
functional (pun intended) e.g. it would crash unless the loader
function had an is_usable attribute, this commit completes the removal
immediately instead of starting another deprecation path.
2014-11-16 22:18:33 +01:00
Aymeric Augustin
e87bee6f50
Used get_template_loaders in the cached loader.
...
This ensures that enabling the cached loader doesn't change behavior.
(Before this commit, it did when the list contained unusable loaders.)
2014-11-16 21:41:44 +01:00
Aymeric Augustin
9eeb788cfb
Refactored getting the list of template loaders.
...
This provides the opportunity to move utility functions specific to the
Django Template Language outside of django.template.loader.
2014-11-16 21:41:44 +01:00
Aymeric Augustin
1851dcf377
Deprecated function-based loaders.
2014-11-16 21:41:42 +01:00
Aymeric Augustin
0bf99193f8
Removed obsolete comment.
...
It didn't account for class-based template loaders.
2014-11-16 21:40:54 +01:00
Aymeric Augustin
d58597a7b8
Refactored listing template subdirectories in apps.
...
This change has the nice side effect of removing code that ran at import
time and depended on the app registry at module level -- a notorious
cause of AppRegistryNotReady exceptions.
2014-11-16 21:28:43 +01:00
Aymeric Augustin
cd7146debe
Removed skip_template argument of locmem.Loader.load_template_source.
...
It didn't do anything, wasn't documented and wasn't used anywhere.
2014-11-16 21:28:37 +01:00
Aymeric Augustin
c211c59b4a
Removed the "test:" prefix from locmem template identifiers.
...
Since it isn't branded as a test utility any more and could be used for
other purposes than test code, that prefix no longer makes sense.
It wasn't used anywhere either.
2014-11-16 21:28:31 +01:00
Aymeric Augustin
2577ae6a08
Moved all template loaders under django.template.loaders.
...
Reformatted the code of base.Loader according to modern standards.
Turned the test template loader into a regular locmem.Loader -- but
didn't document it.
Added a normal deprecation path for BaseLoader which is a public API.
Added an accelerated deprecation path for TestTemplateLoader which is
a private API.
2014-11-16 21:28:26 +01:00
Grzegorz Slusarek
b4bb5cd0a3
Fixed #23585 - Corrected internal comment.
...
Removed misleading comment and provide correct one, explaining
idea behind hardcoded CSRF template context processor.
2014-11-15 14:07:31 +01:00
Tim Graham
42b5e4feea
Fixed #23730 -- Moved support for SimpleCookie HIGHEST_PROTOCOL pickling to http.cookie.
...
This fix is necessary for Python 3.5 compatibility (refs #23763 ).
Thanks Berker Peksag for review.
2014-11-12 19:04:45 +01:00
Aymeric Augustin
3bc7a14ea5
Normalized opening a file and decoding its content.
...
`io.open` is required on Python 2.7. Just `open` would work on Python 3.
2014-11-11 22:54:27 +01:00
Aymeric Augustin
b8ba73cd0c
Raised SuspiciousFileOperation in safe_join.
...
Added a test for the condition safe_join is designed to prevent.
Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.
Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Luke Plant
b748a8bc67
Fixed #23789 -- TemplateResponse handles context differently from render
2014-11-10 14:47:45 +00:00
David Hoffman
03467368db
Fixed #23558 -- documented slugify limitations
2014-10-30 09:02:04 -04:00
Martin Matusiak
ae5dbe5aa8
Fixed comment typo in django/template/__init__.py
2014-10-04 08:00:00 -04:00
Tim Graham
12809e1609
Fixed #23489 -- Added numpy 1.9+ support in template lookups
2014-09-29 19:51:39 -04:00
Tim Graham
1101467ce0
Limited lines to 119 characters in django/
...
refs #23395 .
2014-09-05 09:22:16 -04:00
Claude Paroz
cfee67ae10
Added exception name in debug error message
...
This can help when some exception has no error message.
2014-08-26 21:10:54 +02:00
Unai Zalakain
5f2542f12a
Fixed #10190 -- Made HttpResponse charset customizable.
...
Thanks to Simon Charette, Aymeric Augustin, and Tim Graham
for reviews and contributions.
2014-08-19 17:34:38 -04:00
Jaap Roes
b3660d28f3
Fixed #23260 : Added generator support to defaultfilters.unordered_list.
2014-08-14 10:43:44 -04:00
Jaap Roes
e92b057e06
Fixed #23261 -- Deprecated old style list support for unordered_list filter.
2014-08-11 07:04:33 -04:00
Anubhav Joshi
0dd05c9e66
Fixed #16383 -- Raised the AttributeError raised in property of an object when used in a template.
...
Thanks maraujop for the report and Hiroki and Tim Graham for review.
2014-07-31 09:13:55 -04:00
qingfeng
08451f17d0
Fixed #23060 -- Prevented UnicodeDecodeError in debug templatetag
2014-07-26 18:03:19 +02:00
Anubhav Joshi
b1abfb3c59
Fixed #21707 -- Added helpful error message when using {{ block.super }} in base template.
...
Thanks mitar for the suggestion.
2014-07-24 14:22:19 -04:00
Tim Graham
38e001ab6c
Fixed #22789 -- Deprecated django.contrib.webdesign.
...
Moved the {% lorem %} tag to built-in tags.
2014-07-14 08:45:19 -04:00
Tim Graham
20ec9daf7c
Fixed #22933 -- Deprecated django.template.resolve_variable().
2014-07-01 17:29:41 -04:00
Moayad Mardini
868ff4e37c
Fixed #22798 -- `pluralize()` now adds plural_suffix for any `1 < d < 2`
...
Thanks Odd_Bloke for the report.
2014-06-10 16:04:43 -04:00
Susan Tan
484f3edf1e
Fixed #18400 -- Modified length template filter to return 0 for unknown variables.
...
Thanks Florian for the bug report, luyikei for the initial code patch, and
Bouke for the code review feedback.
2014-06-05 15:41:56 -04:00
e0ne
2aaa045c61
Fixed #13408 -- Deprecated silent unpacking exception passing in for template tag.
...
Thanks peterbe for the suggestion.
2014-04-08 13:55:17 -04:00
Alex Gaynor
778ce245dd
Corrected many style guide violations that the newest version of flake8 catches
2014-03-30 12:11:05 -07:00
Claude Paroz
bc315266c8
Fixed #22294 -- Prevented converting length filter output to string
...
Thanks Steve Pike for the report.
2014-03-22 16:39:46 +01:00
Tim Graham
1ea44a3abd
Switched {% cycle %} and {% firstof %} tags to auto-escape their variables per deprecation timeline.
...
refs #17906 .
2014-03-21 13:17:10 -04:00
Tim Graham
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
...
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
Claude Paroz
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Rodolfo Carvalho
0d91225892
Fixed many typos in comments and docstrings.
...
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Tim Graham
72b080c2c8
Removed Django 1.5 upgrade hints for {% url %} tag.
...
Refs #19280 and Refs #19392 .
2014-02-28 07:18:45 -05:00
Patrick Robertson
6d18ab01d9
Removed incorrect statement from docstring
...
The docstring of FilterExpression said that it shouldn't be
instantiated from anywhere but the get_filters_from_token
helper function.
However, that helper function was deleted in commit
3ede006fc9
and FilterExpression
is instantiated from inside the compile_filter help function.
2014-02-23 12:33:29 +01:00
Baptiste Mispelon
7e1376c2b0
Fixed #21741 -- Fixed render_to_string to stop pushing empty dictionaries to its Context
...
Thanks to kezabelle for the report and original patch
and to numerodix for his improved patch.
2014-02-22 23:33:48 +01:00
Marek Wywiał
8274fa60f8
Made the new template.Context.flatten() method a public API.
...
That method was introduced in 9db4271bd1
.
Refs #21765 .
2014-02-16 15:18:45 +01:00
Baptiste Mispelon
9db4271bd1
Fixed bad comparison logic introduced in d97bf2e9c8
.
...
Refs #21765 .
Thanks to kezabelle for the quick report and to onjin
for providing the patch.
2014-02-15 22:58:03 +01:00
Marek Wywiał
d97bf2e9c8
Fixed #21765 -- Added support for comparing Context instances
2014-02-15 17:14:28 +01:00
Jeremy
f94f466cd3
Fixed #19496 -- Added truncatechars_html filter.
...
Thanks esevece for the suggestion and Nick Sandford and Martin Warne
for the inital work on the patch.
2014-02-13 10:27:27 -05:00
Aymeric Augustin
07ae47f7f8
Fixed #21959 -- Handled Inf/NaN in widthratio tag.
...
Thanks rmoe for the report and the patch.
2014-02-08 21:01:55 +01:00
Berker Peksag
5d263dee30
Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
...
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Mitar
b041850853
Allowed more easily subclassing of BlockNode tags.
2014-02-08 07:22:11 -05:00
Baptiste Mispelon
34263c67b4
Moved the loader tags registration with the other builtins.
2014-01-19 20:11:32 +01:00
Florian Apolloner
f00243f36d
Don't try to load app directory templates from apps with a path (eg eggs)
2013-12-27 11:42:24 +01:00
Florian Apolloner
6aa1a31660
Properly app_template_dirs when INSTALLED_APPS change.
2013-12-27 11:17:25 +01:00
Aymeric Augustin
1716b7ce5a
Renamed AppCache to Apps.
...
Also renamed app_cache to apps and "app cache" to "app registry".
Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Aymeric Augustin
2fef9e5375
Moved apps back in the toplevel django namespace.
...
Reverted 4a56a93cc4
.
2013-12-22 11:39:55 +01:00
Aymeric Augustin
65cd74be8e
Stopped iterating on INSTALLED_APPS.
...
Used the app cache's get_app_configs() method instead.
2013-12-22 11:39:18 +01:00
Alex Gaynor
1b9cbef198
Small flake8 fixes -- number of blank lines between top level definitions
2013-12-19 20:43:34 -08:00
Alex Hill
832ab0dbaa
Fixed #21639 -- Implemented RenderContext.__getitem__
...
It's now consistent with RenderContext.get.
2013-12-20 01:02:50 +01:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Aymeric Augustin
072e25eee7
Moved imports to the top of the defaultfilters module.
2013-12-10 21:32:58 +01:00
Christopher Medrela
7477a4ffde
Fixed E125 pep8 warnings
2013-11-28 08:50:11 -05:00
Pablo Martín
3ac823fc5b
Fixed #21460 -- Reenabled proper template precedence in find_template
...
Refs #20806 . Thanks Unai Zalakain for the review.
2013-11-22 11:09:51 +01:00
Tim Graham
98de90d3d8
Fixed spelling of compatibility.
2013-11-09 10:17:17 -05:00
Unai Zalakain
72f63bd24d
Fixed #17529 -- get_template_from_string default arguments break
...
``get_template_from_string`` default arguments were breaking
``assertTemplateUsed``. The solution has been to return only the names of the
templates with a ``name`` attribute distinct of ``None``. The default ``name``
kwarg of ``Template`` has been changed to ``None``, more pythonic than ``'<Unknown
Template>'``.
2013-11-08 17:10:37 +01:00
Alex Gaynor
c347f78cc1
Fixed all E226 violations
2013-11-03 10:08:55 -08:00
Alex Gaynor
fe995e6cbd
Fixed the remaining E302 violations int eh django package
2013-11-02 17:37:15 -07:00
Alex Gaynor
7548aa8ffd
More attacking E302 violators
2013-11-02 13:12:09 -07:00
Alex Gaynor
ee48f4af99
Merge pull request #1848 from rayashmanjr/master
...
Correct flake8 violation E261
2013-11-02 12:34:34 -07:00
Ray Ashman Jr
dcfc8fa972
Correct flake8 violation E261
2013-11-02 15:27:47 -04:00
Tim Graham
36ded01527
Fixed #21302 -- Fixed unused imports and import *.
2013-11-02 15:24:56 -04:00
Alex Gaynor
9bf5610890
Start attacking E231 violations
2013-10-24 10:30:03 -07:00
Alasdair Nicol
c3aa2948c6
Fixed #21298 -- Fixed E301 pep8 warnings
2013-10-23 13:45:03 +01:00
Tim Graham
1597503a01
Fixed E221 pep8 warnings.
2013-10-22 09:51:39 -04:00
Tim Graham
499cd912ca
Fixed E227 pep8 warnings
2013-10-21 08:52:21 -04:00
Alasdair Nicol
a800036981
Fixed #21287 -- Fixed E123 pep8 warnings
2013-10-18 10:07:39 +01:00
Alasdair Nicol
dfb4cb9970
Fixed #21285 -- Fixed E121,E122 pep8 warnings
2013-10-17 20:20:11 -04:00
Larry O'Neill
83b9bfea44
Fixed #21266 -- Fixed E201,E202 pep8 warnings.
2013-10-14 18:12:00 -04:00
Tim Graham
b67ab75e82
Fixed assorted flake8 errors.
2013-10-11 07:25:14 -04:00
Tim Graham
cec11a3336
Used "is" for comparisons with None.
2013-10-10 09:35:56 -04:00
Baptiste Mispelon
20472aa827
Fixed #21189 : Cleaned up usage of bare except clauses.
...
Thanks to berkerpeksag for the report and to claudep
for the review.
2013-10-05 11:50:03 +02:00
Aymeric Augustin
a5b062576b
Removed a few trailing backslashes.
...
We have always been at war with trailing backslashes.
2013-09-22 14:04:10 +02:00
Tim Graham
7fec5a2240
Fixed #7557 -- Added type checking to Variable initialization.
...
Thanks tobias for the suggestion and boblefrag and saz for work on the
patch.
2013-09-19 09:27:19 -04:00
Berker Peksag
2f0566fa61
Fixed #4278 -- Added a dirs parameter to a few functions to override TEMPLATE_DIRS.
...
* django.template.loader.get_template()
* django.template.loader.select_template()
* django.shortcuts.render()
* django.shortcuts.render_to_response()
Thanks amcnabb for the suggestion.
2013-09-18 07:37:08 -04:00
Tim Graham
7fe5b656c9
Prevented arbitrary file inclusion with {% ssi %} tag and relative paths.
...
Thanks Rainer Koirikivi for the report and draft patch.
This is a security fix; disclosure to follow shortly.
2013-09-10 21:02:48 -04:00
Gregor MacGregor
b2b763448f
Fixed #20841 -- Added messages to NotImplementedErrors
...
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00