diff --git a/django/utils/html.py b/django/utils/html.py index 014d837bbb3..fe2e6b7a29b 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -31,11 +31,11 @@ hard_coded_bullets_re = re.compile(r'((?:

(?:%s).*?[a-zA-Z].*?

\s*)+)' % '| trailing_empty_content_re = re.compile(r'(?:

(?: |\s|
)*?

\s*)+\Z') del x # Temporary variable -def escape(html): +def escape(text): """ - Returns the given HTML with ampersands, quotes and angle brackets encoded. + Returns the given text with ampersands, quotes and angle brackets encoded for use in HTML. """ - return mark_safe(force_unicode(html).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')) + return mark_safe(force_unicode(text).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')) escape = allow_lazy(escape, unicode) _base_js_escapes = ( @@ -63,14 +63,14 @@ def escapejs(value): return value escapejs = allow_lazy(escapejs, unicode) -def conditional_escape(html): +def conditional_escape(text): """ Similar to escape(), except that it doesn't operate on pre-escaped strings. """ - if isinstance(html, SafeData): - return html + if isinstance(text, SafeData): + return text else: - return escape(html) + return escape(text) def linebreaks(value, autoescape=False): """Converts newlines into
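Review bot: The new docstring on `escape` says the result is "for use in HTML" without naming the contexts it covers, and because the return value is wrapped in `mark_safe` the template autoescaper will not escape it again. Encoding ampersands, quotes and angle brackets is enough for element content and quoted attribute values, but not for an unquoted attribute, a script or style block, or a URL. I would add a docstring line such as `The result is safe only as element content or inside a quoted attribute value.` Separately, renaming the parameter from `html` to `text`, here and in `conditional_escape` in the next hunk, would presumably break any caller that passes it by keyword, so it deserves a release note if intended.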

and
s.""" diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt index 09744094539..549812296bc 100644 --- a/docs/ref/utils.txt +++ b/docs/ref/utils.txt @@ -387,6 +387,28 @@ Atom1Feed input is a proper string, then add support for lazy translation objects at the end. +``django.utils.html`` +===================== + +.. module:: django.utils.html + :synopsis: HTML helper functions + +Usually you should build up HTML using Django's templates to make use of its +autoescape mechanism, using the utilities in :mod:`django.utils.safestring` +where appropriate. This module provides some additional low level utilitiesfor +escaping HTML. + +.. function:: escape(text) + + Returns the given text with ampersands, quotes and angle brackets encoded + for use in HTML. The input is first passed through + :func:`~django.utils.encoding.force_unicode` and the output has + :func:`~django.utils.safestring.mark_safe` applied. + +.. function:: conditional_escape(text) + + Similar to ``escape()``, except that it doesn't operate on pre-escaped strings, + so it will not double escape. ``django.utils.http`` =====================
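Review bot: The docstring kept on `conditional_escape` says it skips "pre-escaped strings", but the check on the new side is `isinstance(text, SafeData)`, which only tests that something marked the value safe, not that it was ever escaped. A value that was marked safe without being escaped is returned unchanged. I would reword the docstring to `Similar to escape(), except that values already marked safe (SafeData instances) are returned unchanged; their content is not checked.` As a style point only, the `else:` after the early `return text` could be dropped.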