1108 lines
38 KiB
Plaintext
1108 lines
38 KiB
Plaintext
============
|
|
Django Utils
|
|
============
|
|
|
|
.. module:: django.utils
|
|
:synopsis: Django's built-in utilities.
|
|
|
|
This document covers all stable modules in ``django.utils``. Most of the
|
|
modules in ``django.utils`` are designed for internal use and only the
|
|
following parts can be considered stable and thus backwards compatible as per
|
|
the :ref:`internal release deprecation policy <internal-release-deprecation-policy>`.
|
|
|
|
``django.utils.cache``
|
|
======================
|
|
|
|
.. module:: django.utils.cache
|
|
:synopsis: Helper functions for controlling caching.
|
|
|
|
This module contains helper functions for controlling caching. It does so by
|
|
managing the ``Vary`` header of responses. It includes functions to patch the
|
|
header of response objects directly and decorators that change functions to do
|
|
that header-patching themselves.
|
|
|
|
For information on the ``Vary`` header, see :rfc:`2616#section-14.44` section
|
|
14.44.
|
|
|
|
Essentially, the ``Vary`` HTTP header defines which headers a cache should take
|
|
into account when building its cache key. Requests with the same path but
|
|
different header content for headers named in ``Vary`` need to get different
|
|
cache keys to prevent delivery of wrong content.
|
|
|
|
For example, :doc:`internationalization </topics/i18n/index>` middleware would
|
|
need to distinguish caches by the ``Accept-language`` header.
|
|
|
|
.. function:: patch_cache_control(response, **kwargs)
|
|
|
|
This function patches the ``Cache-Control`` header by adding all keyword
|
|
arguments to it. The transformation is as follows:
|
|
|
|
* All keyword parameter names are turned to lowercase, and underscores
|
|
are converted to hyphens.
|
|
* If the value of a parameter is ``True`` (exactly ``True``, not just a
|
|
true value), only the parameter name is added to the header.
|
|
* All other parameters are added with their value, after applying
|
|
``str()`` to it.
|
|
|
|
.. function:: get_max_age(response)
|
|
|
|
Returns the max-age from the response Cache-Control header as an integer
|
|
(or ``None`` if it wasn't found or wasn't an integer).
|
|
|
|
.. function:: patch_response_headers(response, cache_timeout=None)
|
|
|
|
Adds some useful headers to the given ``HttpResponse`` object:
|
|
|
|
* ``ETag``
|
|
* ``Last-Modified``
|
|
* ``Expires``
|
|
* ``Cache-Control``
|
|
|
|
Each header is only added if it isn't already set.
|
|
|
|
``cache_timeout`` is in seconds. The :setting:`CACHE_MIDDLEWARE_SECONDS`
|
|
setting is used by default.
|
|
|
|
.. function:: add_never_cache_headers(response)
|
|
|
|
Adds headers to a response to indicate that a page should never be cached.
|
|
|
|
.. function:: patch_vary_headers(response, newheaders)
|
|
|
|
Adds (or updates) the ``Vary`` header in the given ``HttpResponse`` object.
|
|
``newheaders`` is a list of header names that should be in ``Vary``.
|
|
Existing headers in ``Vary`` aren't removed.
|
|
|
|
.. function:: get_cache_key(request, key_prefix=None)
|
|
|
|
Returns a cache key based on the request path. It can be used in the
|
|
request phase because it pulls the list of headers to take into account
|
|
from the global path registry and uses those to build a cache key to
|
|
check against.
|
|
|
|
If there is no headerlist stored, the page needs to be rebuilt, so this
|
|
function returns ``None``.
|
|
|
|
.. function:: learn_cache_key(request, response, cache_timeout=None, key_prefix=None)
|
|
|
|
Learns what headers to take into account for some request path from the
|
|
response object. It stores those headers in a global path registry so that
|
|
later access to that path will know what headers to take into account
|
|
without building the response object itself. The headers are named in
|
|
the ``Vary`` header of the response, but we want to prevent response
|
|
generation.
|
|
|
|
The list of headers to use for cache key generation is stored in the same
|
|
cache as the pages themselves. If the cache ages some data out of the
|
|
cache, this just means that we have to build the response once to get at
|
|
the Vary header and so at the list of headers to use for the cache key.
|
|
|
|
``django.utils.datastructures``
|
|
===============================
|
|
|
|
.. module:: django.utils.datastructures
|
|
:synopsis: Data structures that aren't in Python's standard library.
|
|
|
|
.. class:: SortedDict
|
|
|
|
.. deprecated:: 1.7
|
|
``SortedDict`` is deprecated and will be removed in Django 1.9. Use
|
|
:class:`collections.OrderedDict` instead.
|
|
|
|
The :class:`django.utils.datastructures.SortedDict` class is a dictionary
|
|
that keeps its keys in the order in which they're inserted.
|
|
|
|
Creating a new SortedDict
|
|
-------------------------
|
|
|
|
Creating a new ``SortedDict`` must be done in a way where ordering is
|
|
guaranteed. For example::
|
|
|
|
SortedDict({'b': 1, 'a': 2, 'c': 3})
|
|
|
|
will not work. Passing in a basic Python ``dict`` could produce unreliable
|
|
results. Instead do::
|
|
|
|
SortedDict([('b', 1), ('a', 2), ('c', 3)])
|
|
|
|
``django.utils.dateparse``
|
|
==========================
|
|
|
|
.. module:: django.utils.dateparse
|
|
:synopsis: Functions to parse datetime objects.
|
|
|
|
The functions defined in this module share the following properties:
|
|
|
|
- They raise :exc:`ValueError` if their input is well formatted but isn't a
|
|
valid date or time.
|
|
- They return ``None`` if it isn't well formatted at all.
|
|
- They accept up to picosecond resolution in input, but they truncate it to
|
|
microseconds, since that's what Python supports.
|
|
|
|
.. function:: parse_date(value)
|
|
|
|
Parses a string and returns a :class:`datetime.date`.
|
|
|
|
.. function:: parse_time(value)
|
|
|
|
Parses a string and returns a :class:`datetime.time`.
|
|
|
|
UTC offsets aren't supported; if ``value`` describes one, the result is
|
|
``None``.
|
|
|
|
.. function:: parse_datetime(value)
|
|
|
|
Parses a string and returns a :class:`datetime.datetime`.
|
|
|
|
UTC offsets are supported; if ``value`` describes one, the result's
|
|
``tzinfo`` attribute is a :class:`~django.utils.tzinfo.FixedOffset`
|
|
instance.
|
|
|
|
``django.utils.decorators``
|
|
===========================
|
|
|
|
.. module:: django.utils.decorators
|
|
:synopsis: Functions that help with creating decorators for views.
|
|
|
|
.. function:: method_decorator(decorator)
|
|
|
|
Converts a function decorator into a method decorator. See :ref:`decorating
|
|
class based views<decorating-class-based-views>` for example usage.
|
|
|
|
.. function:: decorator_from_middleware(middleware_class)
|
|
|
|
Given a middleware class, returns a view decorator. This lets you use
|
|
middleware functionality on a per-view basis. The middleware is created
|
|
with no params passed.
|
|
|
|
.. function:: decorator_from_middleware_with_args(middleware_class)
|
|
|
|
Like ``decorator_from_middleware``, but returns a function
|
|
that accepts the arguments to be passed to the middleware_class.
|
|
For example, the :func:`~django.views.decorators.cache.cache_page`
|
|
decorator is created from the ``CacheMiddleware`` like this::
|
|
|
|
cache_page = decorator_from_middleware_with_args(CacheMiddleware)
|
|
|
|
@cache_page(3600)
|
|
def my_view(request):
|
|
pass
|
|
|
|
``django.utils.encoding``
|
|
=========================
|
|
|
|
.. module:: django.utils.encoding
|
|
:synopsis: A series of helper functions to manage character encoding.
|
|
|
|
.. function:: python_2_unicode_compatible
|
|
|
|
A decorator that defines ``__unicode__`` and ``__str__`` methods under
|
|
Python 2. Under Python 3 it does nothing.
|
|
|
|
To support Python 2 and 3 with a single code base, define a ``__str__``
|
|
method returning text and apply this decorator to the class.
|
|
|
|
.. function:: smart_text(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Returns a text object representing ``s`` -- ``unicode`` on Python 2 and
|
|
``str`` on Python 3. Treats bytestrings using the ``encoding`` codec.
|
|
|
|
If ``strings_only`` is ``True``, don't convert (some) non-string-like
|
|
objects.
|
|
|
|
.. function:: smart_unicode(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Historical name of :func:`smart_text`. Only available under Python 2.
|
|
|
|
.. function:: is_protected_type(obj)
|
|
|
|
Determine if the object instance is of a protected type.
|
|
|
|
Objects of protected types are preserved as-is when passed to
|
|
``force_text(strings_only=True)``.
|
|
|
|
.. function:: force_text(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Similar to ``smart_text``, except that lazy instances are resolved to
|
|
strings, rather than kept as lazy objects.
|
|
|
|
If ``strings_only`` is ``True``, don't convert (some) non-string-like
|
|
objects.
|
|
|
|
.. function:: force_unicode(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Historical name of :func:`force_text`. Only available under Python 2.
|
|
|
|
.. function:: smart_bytes(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Returns a bytestring version of ``s``, encoded as specified in
|
|
``encoding``.
|
|
|
|
If ``strings_only`` is ``True``, don't convert (some) non-string-like
|
|
objects.
|
|
|
|
.. function:: force_bytes(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Similar to ``smart_bytes``, except that lazy instances are resolved to
|
|
bytestrings, rather than kept as lazy objects.
|
|
|
|
If ``strings_only`` is ``True``, don't convert (some) non-string-like
|
|
objects.
|
|
|
|
.. function:: smart_str(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Alias of :func:`smart_bytes` on Python 2 and :func:`smart_text` on Python
|
|
3. This function returns a ``str`` or a lazy string.
|
|
|
|
For instance, this is suitable for writing to :data:`sys.stdout` on
|
|
Python 2 and 3.
|
|
|
|
.. function:: force_str(s, encoding='utf-8', strings_only=False, errors='strict')
|
|
|
|
Alias of :func:`force_bytes` on Python 2 and :func:`force_text` on Python
|
|
3. This function always returns a ``str``.
|
|
|
|
.. function:: iri_to_uri(iri)
|
|
|
|
Convert an Internationalized Resource Identifier (IRI) portion to a URI
|
|
portion that is suitable for inclusion in a URL.
|
|
|
|
This is the algorithm from section 3.1 of :rfc:`3987#section-3.1`. However,
|
|
since we are assuming input is either UTF-8 or unicode already, we can
|
|
simplify things a little from the full method.
|
|
|
|
Returns an ASCII string containing the encoded result.
|
|
|
|
.. function:: filepath_to_uri(path)
|
|
|
|
Convert a file system path to a URI portion that is suitable for inclusion
|
|
in a URL. The path is assumed to be either UTF-8 or unicode.
|
|
|
|
This method will encode certain characters that would normally be
|
|
recognized as special characters for URIs. Note that this method does not
|
|
encode the ' character, as it is a valid character within URIs. See
|
|
``encodeURIComponent()`` JavaScript function for more details.
|
|
|
|
Returns an ASCII string containing the encoded result.
|
|
|
|
``django.utils.feedgenerator``
|
|
==============================
|
|
|
|
.. module:: django.utils.feedgenerator
|
|
:synopsis: Syndication feed generation library -- used for generating RSS, etc.
|
|
|
|
Sample usage::
|
|
|
|
>>> from django.utils import feedgenerator
|
|
>>> feed = feedgenerator.Rss201rev2Feed(
|
|
... title="Poynter E-Media Tidbits",
|
|
... link="http://www.poynter.org/column.asp?id=31",
|
|
... description="A group Weblog by the sharpest minds in online media/journalism/publishing.",
|
|
... language="en",
|
|
... )
|
|
>>> feed.add_item(
|
|
... title="Hello",
|
|
... link="http://www.holovaty.com/test/",
|
|
... description="Testing."
|
|
... )
|
|
>>> with open('test.rss', 'w') as fp:
|
|
... feed.write(fp, 'utf-8')
|
|
|
|
For simplifying the selection of a generator use ``feedgenerator.DefaultFeed``
|
|
which is currently ``Rss201rev2Feed``
|
|
|
|
For definitions of the different versions of RSS, see:
|
|
http://web.archive.org/web/20110718035220/http://diveintomark.org/archives/2004/02/04/incompatible-rss
|
|
|
|
.. function:: get_tag_uri(url, date)
|
|
|
|
Creates a TagURI.
|
|
|
|
See http://web.archive.org/web/20110514113830/http://diveintomark.org/archives/2004/05/28/howto-atom-id
|
|
|
|
SyndicationFeed
|
|
---------------
|
|
|
|
.. class:: SyndicationFeed
|
|
|
|
Base class for all syndication feeds. Subclasses should provide write().
|
|
|
|
.. method:: __init__(title, link, description, [language=None, author_email=None, author_name=None, author_link=None, subtitle=None, categories=None, feed_url=None, feed_copyright=None, feed_guid=None, ttl=None, **kwargs])
|
|
|
|
Initialize the feed with the given dictionary of metadata, which applies
|
|
to the entire feed.
|
|
|
|
Any extra keyword arguments you pass to ``__init__`` will be stored in
|
|
``self.feed``.
|
|
|
|
All parameters should be Unicode objects, except ``categories``, which
|
|
should be a sequence of Unicode objects.
|
|
|
|
.. method:: add_item(title, link, description, [author_email=None, author_name=None, author_link=None, pubdate=None, comments=None, unique_id=None, enclosure=None, categories=(), item_copyright=None, ttl=None, updateddate=None, **kwargs])
|
|
|
|
Adds an item to the feed. All args are expected to be Python ``unicode``
|
|
objects except ``pubdate`` and ``updateddate``, which are ``datetime.datetime``
|
|
objects, and ``enclosure``, which is an instance of the ``Enclosure`` class.
|
|
|
|
.. versionadded:: 1.7
|
|
|
|
The optional ``updateddate`` argument was added.
|
|
|
|
.. method:: num_items()
|
|
|
|
.. method:: root_attributes()
|
|
|
|
Return extra attributes to place on the root (i.e. feed/channel)
|
|
element. Called from ``write()``.
|
|
|
|
.. method:: add_root_elements(handler)
|
|
|
|
Add elements in the root (i.e. feed/channel) element.
|
|
Called from ``write()``.
|
|
|
|
.. method:: item_attributes(item)
|
|
|
|
Return extra attributes to place on each item (i.e. item/entry)
|
|
element.
|
|
|
|
.. method:: add_item_elements(handler, item)
|
|
|
|
Add elements on each item (i.e. item/entry) element.
|
|
|
|
.. method:: write(outfile, encoding)
|
|
|
|
Outputs the feed in the given encoding to ``outfile``, which is a
|
|
file-like object. Subclasses should override this.
|
|
|
|
.. method:: writeString(encoding)
|
|
|
|
Returns the feed in the given encoding as a string.
|
|
|
|
.. method:: latest_post_date()
|
|
|
|
Returns the latest ``pubdate`` or ``updateddate`` for all items in the
|
|
feed. If no items have either of these attributes this returns the
|
|
current date/time.
|
|
|
|
Enclosure
|
|
---------
|
|
|
|
.. class:: Enclosure
|
|
|
|
Represents an RSS enclosure
|
|
|
|
RssFeed
|
|
-------
|
|
|
|
.. class:: RssFeed(SyndicationFeed)
|
|
|
|
Rss201rev2Feed
|
|
--------------
|
|
|
|
.. class:: Rss201rev2Feed(RssFeed)
|
|
|
|
Spec: http://cyber.law.harvard.edu/rss/rss.html
|
|
|
|
RssUserland091Feed
|
|
------------------
|
|
|
|
.. class:: RssUserland091Feed(RssFeed)
|
|
|
|
Spec: http://backend.userland.com/rss091
|
|
|
|
Atom1Feed
|
|
---------
|
|
|
|
.. class:: Atom1Feed(SyndicationFeed)
|
|
|
|
Spec: http://tools.ietf.org/html/rfc4287
|
|
|
|
``django.utils.functional``
|
|
===========================
|
|
|
|
.. module:: django.utils.functional
|
|
:synopsis: Functional programming tools.
|
|
|
|
.. class:: cached_property(object, name)
|
|
|
|
The ``@cached_property`` decorator caches the result of a method with a
|
|
single ``self`` argument as a property. The cached result will persist
|
|
as long as the instance does, so if the instance is passed around and the
|
|
function subsequently invoked, the cached result will be returned.
|
|
|
|
Consider a typical case, where a view might need to call a model's method
|
|
to perform some computation, before placing the model instance into the
|
|
context, where the template might invoke the method once more:
|
|
|
|
.. code-block:: python
|
|
|
|
# the model
|
|
class Person(models.Model):
|
|
|
|
def friends(self):
|
|
# expensive computation
|
|
...
|
|
return friends
|
|
|
|
# in the view:
|
|
if person.friends():
|
|
|
|
# in the template:
|
|
{% for friend in person.friends %}
|
|
|
|
Here, ``friends()`` will be called twice. Since the instance ``person`` in
|
|
the view and the template are the same, ``@cached_property`` can avoid
|
|
that::
|
|
|
|
from django.utils.functional import cached_property
|
|
|
|
@cached_property
|
|
def friends(self):
|
|
# expensive computation
|
|
...
|
|
return friends
|
|
|
|
Note that as the method is now a property, in Python code it will need to
|
|
be invoked appropriately::
|
|
|
|
# in the view:
|
|
if person.friends:
|
|
|
|
The cached value can be treated like an ordinary attribute of the instance::
|
|
|
|
# clear it, requiring re-computation next time it's called
|
|
del person.friends # or delattr(person, "friends")
|
|
|
|
# set a value manually, that will persist on the instance until cleared
|
|
person.friends = ["Huckleberry Finn", "Tom Sawyer"]
|
|
|
|
As well as offering potential performance advantages, ``@cached_property``
|
|
can ensure that an attribute's value does not change unexpectedly over the
|
|
life of an instance. This could occur with a method whose computation is
|
|
based on ``datetime.now()``, or simply if a change were saved to the
|
|
database by some other process in the brief interval between subsequent
|
|
invocations of a method on the same instance.
|
|
|
|
.. versionadded:: 1.8
|
|
|
|
You can use the ``name`` argument to make cached properties of other
|
|
methods. For example, if you had an expensive ``get_friends()`` method and
|
|
wanted to allow calling it without retrieving the cached value, you could
|
|
write::
|
|
|
|
friends = cached_property(get_friends, name='friends')
|
|
|
|
While ``person.get_friends()`` will recompute the friends on each call, the
|
|
value of the cached property will persist until you delete it as described
|
|
above::
|
|
|
|
x = person.friends # calls first time
|
|
y = person.get_friends() # calls again
|
|
z = person.friends # does not call
|
|
x is z # is True
|
|
|
|
.. function:: allow_lazy(func, *resultclasses)
|
|
|
|
Django offers many utility functions (particularly in ``django.utils``)
|
|
that take a string as their first argument and do something to that string.
|
|
These functions are used by template filters as well as directly in other
|
|
code.
|
|
|
|
If you write your own similar functions and deal with translations, you'll
|
|
face the problem of what to do when the first argument is a lazy
|
|
translation object. You don't want to convert it to a string immediately,
|
|
because you might be using this function outside of a view (and hence the
|
|
current thread's locale setting will not be correct).
|
|
|
|
For cases like this, use the ``django.utils.functional.allow_lazy()``
|
|
decorator. It modifies the function so that *if* it's called with a lazy
|
|
translation as one of its arguments, the function evaluation is delayed
|
|
until it needs to be converted to a string.
|
|
|
|
For example::
|
|
|
|
from django.utils.functional import allow_lazy
|
|
|
|
def fancy_utility_function(s, ...):
|
|
# Do some conversion on string 's'
|
|
...
|
|
# Replace unicode by str on Python 3
|
|
fancy_utility_function = allow_lazy(fancy_utility_function, unicode)
|
|
|
|
The ``allow_lazy()`` decorator takes, in addition to the function to
|
|
decorate, a number of extra arguments (``*args``) specifying the type(s)
|
|
that the original function can return. Usually, it's enough to include
|
|
``unicode`` (or ``str`` on Python 3) here and ensure that your function
|
|
returns only Unicode strings.
|
|
|
|
Using this decorator means you can write your function and assume that the
|
|
input is a proper string, then add support for lazy translation objects at
|
|
the end.
|
|
|
|
``django.utils.html``
|
|
=====================
|
|
|
|
.. module:: django.utils.html
|
|
:synopsis: HTML helper functions
|
|
|
|
Usually you should build up HTML using Django's templates to make use of its
|
|
autoescape mechanism, using the utilities in :mod:`django.utils.safestring`
|
|
where appropriate. This module provides some additional low level utilities for
|
|
escaping HTML.
|
|
|
|
.. function:: escape(text)
|
|
|
|
Returns the given text with ampersands, quotes and angle brackets encoded
|
|
for use in HTML. The input is first passed through
|
|
:func:`~django.utils.encoding.force_text` and the output has
|
|
:func:`~django.utils.safestring.mark_safe` applied.
|
|
|
|
.. function:: conditional_escape(text)
|
|
|
|
Similar to ``escape()``, except that it doesn't operate on pre-escaped
|
|
strings, so it will not double escape.
|
|
|
|
.. function:: format_html(format_string, *args, **kwargs)
|
|
|
|
This is similar to `str.format`_, except that it is appropriate for
|
|
building up HTML fragments. All args and kwargs are passed through
|
|
:func:`conditional_escape` before being passed to ``str.format``.
|
|
|
|
For the case of building up small HTML fragments, this function is to be
|
|
preferred over string interpolation using ``%`` or ``str.format`` directly,
|
|
because it applies escaping to all arguments - just like the Template system
|
|
applies escaping by default.
|
|
|
|
So, instead of writing:
|
|
|
|
.. code-block:: python
|
|
|
|
mark_safe("%s <b>%s</b> %s" % (some_html,
|
|
escape(some_text),
|
|
escape(some_other_text),
|
|
))
|
|
|
|
you should instead use:
|
|
|
|
.. code-block:: python
|
|
|
|
format_html("{0} <b>{1}</b> {2}",
|
|
mark_safe(some_html), some_text, some_other_text)
|
|
|
|
This has the advantage that you don't need to apply :func:`escape` to each
|
|
argument and risk a bug and an XSS vulnerability if you forget one.
|
|
|
|
Note that although this function uses ``str.format`` to do the
|
|
interpolation, some of the formatting options provided by `str.format`_
|
|
(e.g. number formatting) will not work, since all arguments are passed
|
|
through :func:`conditional_escape` which (ultimately) calls
|
|
:func:`~django.utils.encoding.force_text` on the values.
|
|
|
|
.. function:: format_html_join(sep, format_string, args_generator)
|
|
|
|
A wrapper of :func:`format_html`, for the common case of a group of
|
|
arguments that need to be formatted using the same format string, and then
|
|
joined using ``sep``. ``sep`` is also passed through
|
|
:func:`conditional_escape`.
|
|
|
|
``args_generator`` should be an iterator that returns the sequence of
|
|
``args`` that will be passed to :func:`format_html`. For example::
|
|
|
|
format_html_join('\n', "<li>{0} {1}</li>", ((u.first_name, u.last_name)
|
|
for u in users))
|
|
|
|
.. function:: strip_tags(value)
|
|
|
|
Tries to remove anything that looks like an HTML tag from the string, that
|
|
is anything contained within ``<>``.
|
|
|
|
Absolutely NO guarantee is provided about the resulting string being
|
|
HTML safe. So NEVER mark safe the result of a ``strip_tag`` call without
|
|
escaping it first, for example with :func:`~django.utils.html.escape`.
|
|
|
|
For example::
|
|
|
|
strip_tags(value)
|
|
|
|
If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"``
|
|
the return value will be ``"Joel is a slug"``.
|
|
|
|
If you are looking for a more robust solution, take a look at the `bleach`_
|
|
Python library.
|
|
|
|
.. _bleach: https://pypi.python.org/pypi/bleach
|
|
|
|
.. function:: remove_tags(value, tags)
|
|
|
|
Removes a space-separated list of [X]HTML tag names from the output.
|
|
|
|
Absolutely NO guarantee is provided about the resulting string being HTML
|
|
safe. In particular, it doesn't work recursively, so the output of
|
|
``remove_tags("<sc<script>ript>alert('XSS')</sc</script>ript>", "script")``
|
|
won't remove the "nested" script tags. So if the ``value`` is untrusted,
|
|
NEVER mark safe the result of a ``remove_tags()`` call without escaping it
|
|
first, for example with :func:`~django.utils.html.escape`.
|
|
|
|
For example::
|
|
|
|
remove_tags(value, "b span")
|
|
|
|
If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"``
|
|
the return value will be ``"Joel <button>is</button> a slug"``.
|
|
|
|
Note that this filter is case-sensitive.
|
|
|
|
If ``value`` is ``"<B>Joel</B> <button>is</button> a <span>slug</span>"``
|
|
the return value will be ``"<B>Joel</B> <button>is</button> a slug"``.
|
|
|
|
.. _str.format: http://docs.python.org/library/stdtypes.html#str.format
|
|
|
|
``django.utils.http``
|
|
=====================
|
|
|
|
.. module:: django.utils.http
|
|
:synopsis: HTTP helper functions. (URL encoding, cookie handling, ...)
|
|
|
|
.. function:: urlquote(url, safe='/')
|
|
|
|
A version of Python's ``urllib.quote()`` function that can operate on
|
|
unicode strings. The url is first UTF-8 encoded before quoting. The
|
|
returned string can safely be used as part of an argument to a subsequent
|
|
``iri_to_uri()`` call without double-quoting occurring. Employs lazy
|
|
execution.
|
|
|
|
.. function:: urlquote_plus(url, safe='')
|
|
|
|
A version of Python's urllib.quote_plus() function that can operate on
|
|
unicode strings. The url is first UTF-8 encoded before quoting. The
|
|
returned string can safely be used as part of an argument to a subsequent
|
|
``iri_to_uri()`` call without double-quoting occurring. Employs lazy
|
|
execution.
|
|
|
|
.. function:: urlencode(query, doseq=0)
|
|
|
|
A version of Python's urllib.urlencode() function that can operate on
|
|
unicode strings. The parameters are first case to UTF-8 encoded strings
|
|
and then encoded as per normal.
|
|
|
|
.. function:: cookie_date(epoch_seconds=None)
|
|
|
|
Formats the time to ensure compatibility with Netscape's cookie standard.
|
|
|
|
Accepts a floating point number expressed in seconds since the epoch in
|
|
UTC--such as that outputted by ``time.time()``. If set to ``None``,
|
|
defaults to the current time.
|
|
|
|
Outputs a string in the format ``Wdy, DD-Mon-YYYY HH:MM:SS GMT``.
|
|
|
|
.. function:: http_date(epoch_seconds=None)
|
|
|
|
Formats the time to match the :rfc:`1123` date format as specified by HTTP
|
|
:rfc:`2616#section-3.3.1` section 3.3.1.
|
|
|
|
Accepts a floating point number expressed in seconds since the epoch in
|
|
UTC--such as that outputted by ``time.time()``. If set to ``None``,
|
|
defaults to the current time.
|
|
|
|
Outputs a string in the format ``Wdy, DD Mon YYYY HH:MM:SS GMT``.
|
|
|
|
.. function:: base36_to_int(s)
|
|
|
|
Converts a base 36 string to an integer. On Python 2 the output is
|
|
guaranteed to be an ``int`` and not a ``long``.
|
|
|
|
.. function:: int_to_base36(i)
|
|
|
|
Converts a positive integer to a base 36 string. On Python 2 ``i`` must be
|
|
smaller than `sys.maxint`_.
|
|
|
|
.. _sys.maxint: http://docs.python.org/2/library/sys.html#sys.maxint
|
|
|
|
.. function:: urlsafe_base64_encode(s)
|
|
|
|
Encodes a bytestring in base64 for use in URLs, stripping any trailing
|
|
equal signs.
|
|
|
|
.. function:: urlsafe_base64_decode(s)
|
|
|
|
Decodes a base64 encoded string, adding back any trailing equal signs that
|
|
might have been stripped.
|
|
|
|
``django.utils.module_loading``
|
|
===============================
|
|
|
|
.. module:: django.utils.module_loading
|
|
:synopsis: Functions for working with Python modules.
|
|
|
|
Functions for working with Python modules.
|
|
|
|
.. function:: import_string(dotted_path)
|
|
|
|
.. versionadded:: 1.7
|
|
|
|
Imports a dotted module path and returns the attribute/class designated by
|
|
the last name in the path. Raises ``ImportError`` if the import failed. For
|
|
example::
|
|
|
|
from django.utils.module_loading import import_string
|
|
ValidationError = import_string('django.core.exceptions.ValidationError')
|
|
|
|
is equivalent to::
|
|
|
|
from django.core.exceptions import ValidationError
|
|
|
|
.. function:: import_by_path(dotted_path, error_prefix='')
|
|
|
|
.. deprecated:: 1.7
|
|
Use :meth:`~django.utils.module_loading.import_string` instead.
|
|
|
|
Imports a dotted module path and returns the attribute/class designated by
|
|
the last name in the path. Raises :exc:`~django.core.exceptions.ImproperlyConfigured`
|
|
if something goes wrong.
|
|
|
|
``django.utils.safestring``
|
|
===========================
|
|
|
|
.. module:: django.utils.safestring
|
|
:synopsis: Functions and classes for working with strings that can be displayed safely without further escaping in HTML.
|
|
|
|
Functions and classes for working with "safe strings": strings that can be
|
|
displayed safely without further escaping in HTML. Marking something as a "safe
|
|
string" means that the producer of the string has already turned characters
|
|
that should not be interpreted by the HTML engine (e.g. '<') into the
|
|
appropriate entities.
|
|
|
|
.. class:: SafeBytes
|
|
|
|
A ``bytes`` subclass that has been specifically marked as "safe"
|
|
(requires no further escaping) for HTML output purposes.
|
|
|
|
.. class:: SafeString
|
|
|
|
A ``str`` subclass that has been specifically marked as "safe"
|
|
(requires no further escaping) for HTML output purposes. This is
|
|
:class:`SafeBytes` on Python 2 and :class:`SafeText` on Python 3.
|
|
|
|
.. class:: SafeText
|
|
|
|
A ``str`` (in Python 3) or ``unicode`` (in Python 2) subclass
|
|
that has been specifically marked as "safe" for HTML output purposes.
|
|
|
|
.. class:: SafeUnicode
|
|
|
|
Historical name of :class:`SafeText`. Only available under Python 2.
|
|
|
|
.. function:: mark_safe(s)
|
|
|
|
Explicitly mark a string as safe for (HTML) output purposes. The returned
|
|
object can be used everywhere a string or unicode object is appropriate.
|
|
|
|
Can be called multiple times on a single string.
|
|
|
|
String marked safe will become unsafe again if modified. For example::
|
|
|
|
>>> mystr = '<b>Hello World</b> '
|
|
>>> mystr = mark_safe(mystr)
|
|
>>> type(mystr)
|
|
<class 'django.utils.safestring.SafeBytes'>
|
|
|
|
>>> mystr = mystr.strip() # removing whitespace
|
|
>>> type(mystr)
|
|
<type 'str'>
|
|
|
|
.. function:: mark_for_escaping(s)
|
|
|
|
Explicitly mark a string as requiring HTML escaping upon output. Has no
|
|
effect on ``SafeData`` subclasses.
|
|
|
|
Can be called multiple times on a single string (the resulting escaping is
|
|
only applied once).
|
|
|
|
``django.utils.text``
|
|
=====================
|
|
|
|
.. module:: django.utils.text
|
|
:synopsis: Text manipulation.
|
|
|
|
.. function:: slugify
|
|
|
|
Converts to lowercase, removes non-word characters (alphanumerics and
|
|
underscores) and converts spaces to hyphens. Also strips leading and
|
|
trailing whitespace.
|
|
|
|
For example::
|
|
|
|
slugify(value)
|
|
|
|
If ``value`` is ``"Joel is a slug"``, the output will be
|
|
``"joel-is-a-slug"``.
|
|
|
|
.. _time-zone-selection-functions:
|
|
|
|
``django.utils.timezone``
|
|
=========================
|
|
|
|
.. module:: django.utils.timezone
|
|
:synopsis: Timezone support.
|
|
|
|
.. data:: utc
|
|
|
|
:class:`~datetime.tzinfo` instance that represents UTC.
|
|
|
|
.. function:: get_fixed_timezone(offset)
|
|
|
|
.. versionadded:: 1.7
|
|
|
|
Returns a :class:`~datetime.tzinfo` instance that represents a time zone
|
|
with a fixed offset from UTC.
|
|
|
|
``offset`` is a :class:`datetime.timedelta` or an integer number of
|
|
minutes. Use positive values for time zones east of UTC and negative
|
|
values for west of UTC.
|
|
|
|
.. function:: get_default_timezone()
|
|
|
|
Returns a :class:`~datetime.tzinfo` instance that represents the
|
|
:ref:`default time zone <default-current-time-zone>`.
|
|
|
|
.. function:: get_default_timezone_name()
|
|
|
|
Returns the name of the :ref:`default time zone
|
|
<default-current-time-zone>`.
|
|
|
|
.. function:: get_current_timezone()
|
|
|
|
Returns a :class:`~datetime.tzinfo` instance that represents the
|
|
:ref:`current time zone <default-current-time-zone>`.
|
|
|
|
.. function:: get_current_timezone_name()
|
|
|
|
Returns the name of the :ref:`current time zone
|
|
<default-current-time-zone>`.
|
|
|
|
.. function:: activate(timezone)
|
|
|
|
Sets the :ref:`current time zone <default-current-time-zone>`. The
|
|
``timezone`` argument must be an instance of a :class:`~datetime.tzinfo`
|
|
subclass or, if pytz_ is available, a time zone name.
|
|
|
|
.. function:: deactivate()
|
|
|
|
Unsets the :ref:`current time zone <default-current-time-zone>`.
|
|
|
|
.. function:: override(timezone)
|
|
|
|
This is a Python context manager that sets the :ref:`current time zone
|
|
<default-current-time-zone>` on entry with :func:`activate()`, and restores
|
|
the previously active time zone on exit. If the ``timezone`` argument is
|
|
``None``, the :ref:`current time zone <default-current-time-zone>` is unset
|
|
on entry with :func:`deactivate()` instead.
|
|
|
|
.. function:: localtime(value, timezone=None)
|
|
|
|
Converts an aware :class:`~datetime.datetime` to a different time zone,
|
|
by default the :ref:`current time zone <default-current-time-zone>`.
|
|
|
|
This function doesn't work on naive datetimes; use :func:`make_aware`
|
|
instead.
|
|
|
|
.. function:: now()
|
|
|
|
Returns a :class:`~datetime.datetime` that represents the
|
|
current point in time. Exactly what's returned depends on the value of
|
|
:setting:`USE_TZ`:
|
|
|
|
* If :setting:`USE_TZ` is ``False``, this will be a
|
|
:ref:`naive <naive_vs_aware_datetimes>` datetime (i.e. a datetime
|
|
without an associated timezone) that represents the current time
|
|
in the system's local timezone.
|
|
|
|
* If :setting:`USE_TZ` is ``True``, this will be an
|
|
:ref:`aware <naive_vs_aware_datetimes>` datetime representing the
|
|
current time in UTC. Note that :func:`now` will always return
|
|
times in UTC regardless of the value of :setting:`TIME_ZONE`;
|
|
you can use :func:`localtime` to convert to a time in the current
|
|
time zone.
|
|
|
|
.. function:: is_aware(value)
|
|
|
|
Returns ``True`` if ``value`` is aware, ``False`` if it is naive. This
|
|
function assumes that ``value`` is a :class:`~datetime.datetime`.
|
|
|
|
.. function:: is_naive(value)
|
|
|
|
Returns ``True`` if ``value`` is naive, ``False`` if it is aware. This
|
|
function assumes that ``value`` is a :class:`~datetime.datetime`.
|
|
|
|
.. function:: make_aware(value, timezone)
|
|
|
|
Returns an aware :class:`~datetime.datetime` that represents the same
|
|
point in time as ``value`` in ``timezone``, ``value`` being a naive
|
|
:class:`~datetime.datetime`.
|
|
|
|
This function can raise an exception if ``value`` doesn't exist or is
|
|
ambiguous because of DST transitions.
|
|
|
|
.. function:: make_naive(value, timezone)
|
|
|
|
Returns an naive :class:`~datetime.datetime` that represents in
|
|
``timezone`` the same point in time as ``value``, ``value`` being an
|
|
aware :class:`~datetime.datetime`
|
|
|
|
.. _pytz: http://pytz.sourceforge.net/
|
|
|
|
``django.utils.translation``
|
|
============================
|
|
|
|
.. module:: django.utils.translation
|
|
:synopsis: Internationalization support.
|
|
|
|
For a complete discussion on the usage of the following see the
|
|
:doc:`translation documentation </topics/i18n/translation>`.
|
|
|
|
.. function:: gettext(message)
|
|
|
|
Translates ``message`` and returns it in a UTF-8 bytestring
|
|
|
|
.. function:: ugettext(message)
|
|
|
|
Translates ``message`` and returns it in a unicode string
|
|
|
|
.. function:: pgettext(context, message)
|
|
|
|
Translates ``message`` given the ``context`` and returns
|
|
it in a unicode string.
|
|
|
|
For more information, see :ref:`contextual-markers`.
|
|
|
|
.. function:: gettext_lazy(message)
|
|
.. function:: ugettext_lazy(message)
|
|
.. function:: pgettext_lazy(context, message)
|
|
|
|
Same as the non-lazy versions above, but using lazy execution.
|
|
|
|
See :ref:`lazy translations documentation <lazy-translations>`.
|
|
|
|
.. function:: gettext_noop(message)
|
|
.. function:: ugettext_noop(message)
|
|
|
|
Marks strings for translation but doesn't translate them now. This can be
|
|
used to store strings in global variables that should stay in the base
|
|
language (because they might be used externally) and will be translated
|
|
later.
|
|
|
|
.. function:: ngettext(singular, plural, number)
|
|
|
|
Translates ``singular`` and ``plural`` and returns the appropriate string
|
|
based on ``number`` in a UTF-8 bytestring.
|
|
|
|
.. function:: ungettext(singular, plural, number)
|
|
|
|
Translates ``singular`` and ``plural`` and returns the appropriate string
|
|
based on ``number`` in a unicode string.
|
|
|
|
.. function:: npgettext(context, singular, plural, number)
|
|
|
|
Translates ``singular`` and ``plural`` and returns the appropriate string
|
|
based on ``number`` and the ``context`` in a unicode string.
|
|
|
|
.. function:: ngettext_lazy(singular, plural, number)
|
|
.. function:: ungettext_lazy(singular, plural, number)
|
|
.. function:: npgettext_lazy(context, singular, plural, number)
|
|
|
|
Same as the non-lazy versions above, but using lazy execution.
|
|
|
|
See :ref:`lazy translations documentation <lazy-translations>`.
|
|
|
|
.. function:: string_concat(*strings)
|
|
|
|
Lazy variant of string concatenation, needed for translations that are
|
|
constructed from multiple parts.
|
|
|
|
.. function:: activate(language)
|
|
|
|
Fetches the translation object for a given language and activates it as
|
|
the current translation object for the current thread.
|
|
|
|
.. function:: deactivate()
|
|
|
|
Deactivates the currently active translation object so that further _ calls
|
|
will resolve against the default translation object, again.
|
|
|
|
.. function:: deactivate_all()
|
|
|
|
Makes the active translation object a ``NullTranslations()`` instance.
|
|
This is useful when we want delayed translations to appear as the original
|
|
string for some reason.
|
|
|
|
.. function:: override(language, deactivate=False)
|
|
|
|
A Python context manager that uses
|
|
:func:`django.utils.translation.activate` to fetch the translation object
|
|
for a given language, activates it as the translation object for the
|
|
current thread and reactivates the previous active language on exit.
|
|
Optionally, it can simply deactivate the temporary translation on exit with
|
|
:func:`django.utils.translation.deactivate` if the ``deactivate`` argument
|
|
is ``True``. If you pass ``None`` as the language argument, a
|
|
``NullTranslations()`` instance is activated within the context.
|
|
|
|
.. function:: get_language()
|
|
|
|
Returns the currently selected language code.
|
|
|
|
.. function:: get_language_bidi()
|
|
|
|
Returns selected language's BiDi layout:
|
|
|
|
* ``False`` = left-to-right layout
|
|
* ``True`` = right-to-left layout
|
|
|
|
.. function:: get_language_from_request(request, check_path=False)
|
|
|
|
Analyzes the request to find what language the user wants the system to
|
|
show. Only languages listed in settings.LANGUAGES are taken into account.
|
|
If the user requests a sublanguage where we have a main language, we send
|
|
out the main language.
|
|
|
|
If ``check_path`` is ``True``, the function first checks the requested URL
|
|
for whether its path begins with a language code listed in the
|
|
:setting:`LANGUAGES` setting.
|
|
|
|
.. function:: to_locale(language)
|
|
|
|
Turns a language name (en-us) into a locale name (en_US).
|
|
|
|
.. function:: templatize(src)
|
|
|
|
Turns a Django template into something that is understood by ``xgettext``.
|
|
It does so by translating the Django translation tags into standard
|
|
``gettext`` function invocations.
|
|
|
|
.. data:: LANGUAGE_SESSION_KEY
|
|
|
|
Session key under which the active language for the current session is
|
|
stored.
|
|
|
|
``django.utils.tzinfo``
|
|
=======================
|
|
|
|
.. deprecated:: 1.7
|
|
Use :mod:`~django.utils.timezone` instead.
|
|
|
|
.. module:: django.utils.tzinfo
|
|
:synopsis: Implementation of ``tzinfo`` classes for use with ``datetime.datetime``.
|
|
|
|
.. class:: FixedOffset
|
|
|
|
Fixed offset in minutes east from UTC.
|
|
|
|
.. deprecated:: 1.7
|
|
Use :func:`~django.utils.timezone.get_fixed_timezone` instead.
|
|
|
|
.. class:: LocalTimezone
|
|
|
|
Proxy timezone information from time module.
|
|
|
|
.. deprecated:: 1.7
|
|
Use :func:`~django.utils.timezone.get_default_timezone` instead.
|