Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.0.X] Fixed #10369 -- Fixed auto-escaping inside "tran" and "blockt…

…rans" tags.

Patch from Andrew Badr.

Backport of r10519 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10520 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 13475ed646ec47d779e416efb8349393c12bcf3f 1 parent f943e2e
@malcolmt malcolmt authored
View
19 django/template/__init__.py
@@ -789,6 +789,18 @@ def __repr__(self):
def render(self, context):
return self.s
+
+def _render_value_in_context(value, context):
+ """
+ Converts any value to a string to become part of a rendered template. This
+ means escaping, if required, and conversion to a unicode object. If value
+ is a string, it is expected to have already been translated.
+ """
+ value = force_unicode(value)
+ if (context.autoescape and not isinstance(value, SafeData)) or isinstance(value, EscapeData):
+ return escape(value)
+ else:
+ return value
class VariableNode(Node):
def __init__(self, filter_expression):
@@ -799,15 +811,12 @@ def __repr__(self):
def render(self, context):
try:
- output = force_unicode(self.filter_expression.resolve(context))
+ output = self.filter_expression.resolve(context)
except UnicodeDecodeError:
# Unicode conversion can fail sometimes for reasons out of our
# control (e.g. exception rendering). In that case, we fail quietly.
return ''
- if (context.autoescape and not isinstance(output, SafeData)) or isinstance(output, EscapeData):
- return force_unicode(escape(output))
- else:
- return force_unicode(output)
+ return _render_value_in_context(output, context)
def generic_tag_compiler(params, defaults, name, node_class, parser, token):
"Returns a template.Node subclass."
View
6 django/templatetags/i18n.py
@@ -1,6 +1,6 @@
import re
-from django.template import Node, Variable, VariableNode
+from django.template import Node, Variable, VariableNode, _render_value_in_context
from django.template import TemplateSyntaxError, TokenParser, Library
from django.template import TOKEN_TEXT, TOKEN_VAR
from django.utils import translation
@@ -43,7 +43,7 @@ def render(self, context):
if self.noop:
return value
else:
- return translation.ugettext(value)
+ return _render_value_in_context(translation.ugettext(value), context)
class BlockTranslateNode(Node):
def __init__(self, extra_context, singular, plural=None, countervar=None,
@@ -82,7 +82,7 @@ def render(self, context):
result = translation.ugettext(singular)
# Escape all isolated '%' before substituting in the context.
result = re.sub(u'%(?!\()', u'%%', result)
- data = dict([(v, force_unicode(context[v])) for v in vars])
+ data = dict([(v, _render_value_in_context(context[v], context)) for v in vars])
context.pop()
return result % data
View
12 tests/regressiontests/templates/tests.py
@@ -825,12 +825,16 @@ def get_template_tests(self):
'i18n14': ('{% cycle "foo" _("Password") _(\'Password\') as c %} {% cycle c %} {% cycle c %}', {'LANGUAGE_CODE': 'de'}, 'foo Passwort Passwort'),
'i18n15': ('{{ absent|default:_("Password") }}', {'LANGUAGE_CODE': 'de', 'absent': ""}, 'Passwort'),
'i18n16': ('{{ _("<") }}', {'LANGUAGE_CODE': 'de'}, '<'),
- 'i18n17': ('{{ _("") }}', {'LANGUAGE_CODE': 'de'}, ''),
+ 'i18n16a': ('{{ _("") }}', {'LANGUAGE_CODE': 'de'}, ''),
- # Escaping inside blocktrans works as if it was directly in the
+ # Escaping inside blocktrans and trans works as if it was directly in the
# template.
- 'i18n18': ('{% load i18n %}{% blocktrans with anton|escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'),
- 'i18n19': ('{% load i18n %}{% blocktrans with anton|force_escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'),
+ 'i18n17': ('{% load i18n %}{% blocktrans with anton|escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'),
+ 'i18n18': ('{% load i18n %}{% blocktrans with anton|force_escape as berta %}{{ berta }}{% endblocktrans %}', {'anton': 'α & β'}, u'α &amp; β'),
+ 'i18n19': ('{% load i18n %}{% blocktrans %}{{ andrew }}{% endblocktrans %}', {'andrew': 'a & b'}, u'a &amp; b'),
+ 'i18n20': ('{% load i18n %}{% trans andrew %}', {'andrew': 'a & b'}, u'a &amp; b'),
+ 'i18n21': ('{% load i18n %}{% blocktrans %}{{ andrew }}{% endblocktrans %}', {'andrew': mark_safe('a & b')}, u'a & b'),
+ 'i18n22': ('{% load i18n %}{% trans andrew %}', {'andrew': mark_safe('a & b')}, u'a & b'),
### HANDLING OF TEMPLATE_STRING_IF_INVALID ###################################
Please sign in to comment.
Something went wrong with that request. Please try again.