Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy"
This reverts commit 2ee447fb5f
.
That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.
Refs #21882.
This commit is contained in:
parent
a0fc7fa5df
commit
a878bf9b09
|
@ -4,7 +4,7 @@ without further escaping in HTML. Marking something as a "safe string" means
|
||||||
that the producer of the string has already turned characters that should not
|
that the producer of the string has already turned characters that should not
|
||||||
be interpreted by the HTML engine (e.g. '<') into the appropriate entities.
|
be interpreted by the HTML engine (e.g. '<') into the appropriate entities.
|
||||||
"""
|
"""
|
||||||
from django.utils.functional import curry, Promise, allow_lazy
|
from django.utils.functional import curry, Promise
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
|
|
||||||
|
|
||||||
|
@ -16,14 +16,14 @@ class EscapeBytes(bytes, EscapeData):
|
||||||
"""
|
"""
|
||||||
A byte string that should be HTML-escaped when output.
|
A byte string that should be HTML-escaped when output.
|
||||||
"""
|
"""
|
||||||
__new__ = allow_lazy(bytes.__new__, bytes)
|
pass
|
||||||
|
|
||||||
|
|
||||||
class EscapeText(six.text_type, EscapeData):
|
class EscapeText(six.text_type, EscapeData):
|
||||||
"""
|
"""
|
||||||
A unicode string object that should be HTML-escaped when output.
|
A unicode string object that should be HTML-escaped when output.
|
||||||
"""
|
"""
|
||||||
__new__ = allow_lazy(six.text_type.__new__, six.text_type)
|
pass
|
||||||
|
|
||||||
if six.PY3:
|
if six.PY3:
|
||||||
EscapeString = EscapeText
|
EscapeString = EscapeText
|
||||||
|
@ -48,8 +48,6 @@ class SafeBytes(bytes, SafeData):
|
||||||
A bytes subclass that has been specifically marked as "safe" (requires no
|
A bytes subclass that has been specifically marked as "safe" (requires no
|
||||||
further escaping) for HTML output purposes.
|
further escaping) for HTML output purposes.
|
||||||
"""
|
"""
|
||||||
__new__ = allow_lazy(bytes.__new__, bytes)
|
|
||||||
|
|
||||||
def __add__(self, rhs):
|
def __add__(self, rhs):
|
||||||
"""
|
"""
|
||||||
Concatenating a safe byte string with another safe byte string or safe
|
Concatenating a safe byte string with another safe byte string or safe
|
||||||
|
@ -83,8 +81,6 @@ class SafeText(six.text_type, SafeData):
|
||||||
A unicode (Python 2) / str (Python 3) subclass that has been specifically
|
A unicode (Python 2) / str (Python 3) subclass that has been specifically
|
||||||
marked as "safe" for HTML output purposes.
|
marked as "safe" for HTML output purposes.
|
||||||
"""
|
"""
|
||||||
__new__ = allow_lazy(six.text_type.__new__, six.text_type)
|
|
||||||
|
|
||||||
def __add__(self, rhs):
|
def __add__(self, rhs):
|
||||||
"""
|
"""
|
||||||
Concatenating a safe unicode string with another safe byte string or
|
Concatenating a safe unicode string with another safe byte string or
|
||||||
|
|
|
@ -3,8 +3,8 @@ from __future__ import unicode_literals
|
||||||
from django.template import Template, Context
|
from django.template import Template, Context
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.utils.encoding import force_text, force_bytes
|
from django.utils.encoding import force_text, force_bytes
|
||||||
from django.utils.functional import lazy, Promise
|
from django.utils.functional import lazy
|
||||||
from django.utils.safestring import mark_safe, mark_for_escaping
|
from django.utils.safestring import mark_safe, mark_for_escaping, SafeData, EscapeData
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
from django.utils import translation
|
from django.utils import translation
|
||||||
|
|
||||||
|
@ -28,8 +28,8 @@ class SafeStringTest(TestCase):
|
||||||
s = lazystr('a&b')
|
s = lazystr('a&b')
|
||||||
b = lazybytes(b'a&b')
|
b = lazybytes(b'a&b')
|
||||||
|
|
||||||
self.assertIsInstance(mark_safe(s), Promise)
|
self.assertIsInstance(mark_safe(s), SafeData)
|
||||||
self.assertIsInstance(mark_safe(b), Promise)
|
self.assertIsInstance(mark_safe(b), SafeData)
|
||||||
self.assertRenderEqual('{{ s }}', 'a&b', s=mark_safe(s))
|
self.assertRenderEqual('{{ s }}', 'a&b', s=mark_safe(s))
|
||||||
|
|
||||||
def test_mark_for_escaping(self):
|
def test_mark_for_escaping(self):
|
||||||
|
@ -41,15 +41,10 @@ class SafeStringTest(TestCase):
|
||||||
s = lazystr('a&b')
|
s = lazystr('a&b')
|
||||||
b = lazybytes(b'a&b')
|
b = lazybytes(b'a&b')
|
||||||
|
|
||||||
self.assertIsInstance(mark_for_escaping(s), Promise)
|
self.assertIsInstance(mark_for_escaping(s), EscapeData)
|
||||||
self.assertIsInstance(mark_for_escaping(b), Promise)
|
self.assertIsInstance(mark_for_escaping(b), EscapeData)
|
||||||
self.assertRenderEqual('{% autoescape off %}{{ s }}{% endautoescape %}', 'a&b', s=mark_for_escaping(s))
|
self.assertRenderEqual('{% autoescape off %}{{ s }}{% endautoescape %}', 'a&b', s=mark_for_escaping(s))
|
||||||
|
|
||||||
def test_regression_20296(self):
|
|
||||||
s = mark_safe(translation.ugettext_lazy("username"))
|
|
||||||
with translation.override('fr'):
|
|
||||||
self.assertRenderEqual('{{ s }}', "nom d'utilisateur", s=s)
|
|
||||||
|
|
||||||
def test_html(self):
|
def test_html(self):
|
||||||
s = '<h1>interop</h1>'
|
s = '<h1>interop</h1>'
|
||||||
self.assertEqual(s, mark_safe(s).__html__())
|
self.assertEqual(s, mark_safe(s).__html__())
|
||||||
|
|
Loading…
Reference in New Issue