mirror of https://github.com/django/django.git
Documented utils.html.escape and conditional_escape
This commit is contained in:
parent
cf731a543e
commit
f33e150369
|
@ -31,11 +31,11 @@ hard_coded_bullets_re = re.compile(r'((?:<p>(?:%s).*?[a-zA-Z].*?</p>\s*)+)' % '|
|
|||
trailing_empty_content_re = re.compile(r'(?:<p>(?: |\s|<br \/>)*?</p>\s*)+\Z')
|
||||
del x # Temporary variable
|
||||
|
||||
def escape(html):
|
||||
def escape(text):
|
||||
"""
|
||||
Returns the given HTML with ampersands, quotes and angle brackets encoded.
|
||||
Returns the given text with ampersands, quotes and angle brackets encoded for use in HTML.
|
||||
"""
|
||||
return mark_safe(force_unicode(html).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", '''))
|
||||
return mark_safe(force_unicode(text).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", '''))
|
||||
escape = allow_lazy(escape, unicode)
|
||||
|
||||
_base_js_escapes = (
|
||||
|
@ -63,14 +63,14 @@ def escapejs(value):
|
|||
return value
|
||||
escapejs = allow_lazy(escapejs, unicode)
|
||||
|
||||
def conditional_escape(html):
|
||||
def conditional_escape(text):
|
||||
"""
|
||||
Similar to escape(), except that it doesn't operate on pre-escaped strings.
|
||||
"""
|
||||
if isinstance(html, SafeData):
|
||||
return html
|
||||
if isinstance(text, SafeData):
|
||||
return text
|
||||
else:
|
||||
return escape(html)
|
||||
return escape(text)
|
||||
|
||||
def linebreaks(value, autoescape=False):
|
||||
"""Converts newlines into <p> and <br />s."""
|
||||
|
|
|
@ -387,6 +387,28 @@ Atom1Feed
|
|||
input is a proper string, then add support for lazy translation objects at the
|
||||
end.
|
||||
|
||||
``django.utils.html``
|
||||
=====================
|
||||
|
||||
.. module:: django.utils.html
|
||||
:synopsis: HTML helper functions
|
||||
|
||||
Usually you should build up HTML using Django's templates to make use of its
|
||||
autoescape mechanism, using the utilities in :mod:`django.utils.safestring`
|
||||
where appropriate. This module provides some additional low level utilitiesfor
|
||||
escaping HTML.
|
||||
|
||||
.. function:: escape(text)
|
||||
|
||||
Returns the given text with ampersands, quotes and angle brackets encoded
|
||||
for use in HTML. The input is first passed through
|
||||
:func:`~django.utils.encoding.force_unicode` and the output has
|
||||
:func:`~django.utils.safestring.mark_safe` applied.
|
||||
|
||||
.. function:: conditional_escape(text)
|
||||
|
||||
Similar to ``escape()``, except that it doesn't operate on pre-escaped strings,
|
||||
so it will not double escape.
|
||||
|
||||
``django.utils.http``
|
||||
=====================
|
||||
|
|
Loading…
Reference in New Issue