mirror of https://github.com/django/django.git
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
Thanks Baptiste Mispelon for the report.
This commit is contained in:
parent
4fe6824ffd
commit
54e695331b
|
@ -10,7 +10,7 @@ from django.utils.deprecation import RemovedInDjango20Warning
|
|||
from django.utils.encoding import force_text, force_str
|
||||
from django.utils.functional import allow_lazy
|
||||
from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
|
||||
from django.utils.safestring import SafeData, mark_safe
|
||||
from django.utils.safestring import SafeData, SafeText, mark_safe
|
||||
from django.utils import six
|
||||
from django.utils.six.moves.urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit
|
||||
from django.utils.text import normalize_newlines
|
||||
|
@ -47,7 +47,7 @@ def escape(text):
|
|||
"""
|
||||
return mark_safe(force_text(text).replace('&', '&').replace('<', '<')
|
||||
.replace('>', '>').replace('"', '"').replace("'", '''))
|
||||
escape = allow_lazy(escape, six.text_type)
|
||||
escape = allow_lazy(escape, six.text_type, SafeText)
|
||||
|
||||
_js_escapes = {
|
||||
ord('\\'): '\\u005C',
|
||||
|
@ -70,7 +70,7 @@ _js_escapes.update((ord('%c' % z), '\\u%04X' % z) for z in range(32))
|
|||
def escapejs(value):
|
||||
"""Hex encodes characters for use in JavaScript strings."""
|
||||
return mark_safe(force_text(value).translate(_js_escapes))
|
||||
escapejs = allow_lazy(escapejs, six.text_type)
|
||||
escapejs = allow_lazy(escapejs, six.text_type, SafeText)
|
||||
|
||||
|
||||
def conditional_escape(text):
|
||||
|
|
|
@ -12,7 +12,7 @@ from django.utils.functional import allow_lazy, SimpleLazyObject
|
|||
from django.utils import six
|
||||
from django.utils.six.moves import html_entities
|
||||
from django.utils.translation import ugettext_lazy, ugettext as _, pgettext
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.safestring import SafeText, mark_safe
|
||||
|
||||
if six.PY2:
|
||||
# Import force_unicode even though this module doesn't use it, because some
|
||||
|
@ -442,10 +442,11 @@ def slugify(value):
|
|||
underscores) and converts spaces to hyphens. Also strips leading and
|
||||
trailing whitespace.
|
||||
"""
|
||||
value = force_text(value)
|
||||
value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore').decode('ascii')
|
||||
value = re.sub('[^\w\s-]', '', value).strip().lower()
|
||||
return mark_safe(re.sub('[-\s]+', '-', value))
|
||||
slugify = allow_lazy(slugify, six.text_type)
|
||||
slugify = allow_lazy(slugify, six.text_type, SafeText)
|
||||
|
||||
|
||||
def camel_case_to_spaces(value):
|
||||
|
|
|
@ -6,6 +6,8 @@ from django.utils.encoding import force_text, force_bytes
|
|||
from django.utils.functional import lazy
|
||||
from django.utils.safestring import mark_safe, mark_for_escaping, SafeData, EscapeData
|
||||
from django.utils import six
|
||||
from django.utils import text
|
||||
from django.utils import html
|
||||
|
||||
lazystr = lazy(force_text, six.text_type)
|
||||
lazybytes = lazy(force_bytes, bytes)
|
||||
|
@ -47,3 +49,16 @@ class SafeStringTest(TestCase):
|
|||
def test_html(self):
|
||||
s = '<h1>interop</h1>'
|
||||
self.assertEqual(s, mark_safe(s).__html__())
|
||||
|
||||
def test_add_lazy_safe_text_and_safe_text(self):
|
||||
s = html.escape(lazystr('a'))
|
||||
s += mark_safe('&b')
|
||||
self.assertRenderEqual('{{ s }}', 'a&b', s=s)
|
||||
|
||||
s = html.escapejs(lazystr('a'))
|
||||
s += mark_safe('&b')
|
||||
self.assertRenderEqual('{{ s }}', 'a&b', s=s)
|
||||
|
||||
s = text.slugify(lazystr('a'))
|
||||
s += mark_safe('&b')
|
||||
self.assertRenderEqual('{{ s }}', 'a&b', s=s)
|
||||
|
|
Loading…
Reference in New Issue