Fixed #6239 -- Fixed an auto-escaping problem with urlizetrunc. Thanks, SmileyChris.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6950 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 367867845f443583045326a098af5781e2099817 1 parent 6e94b56
Malcolm Tredinnick authored December 19, 2007
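--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@@ -254,7 +254,7 @@ def urlize(value, autoescape=None):
 urlize.needs_autoescape = True
 urlize = stringfilter(urlize)
 
-def urlizetrunc(value, limit):
+def urlizetrunc(value, limit, autoescape=None):
     """
     Converts URLs into clickable links, truncating URLs to the given character
     limit, and adding 'rel=nofollow' attribute to discourage spamming.
@@ -262,8 +262,10 @@ def urlizetrunc(value, limit):
     Argument: Length to truncate URLs to.
     """
     from django.utils.html import urlize
-    return mark_safe(urlize(value, trim_url_limit=int(limit), nofollow=True))
+    return mark_safe(urlize(value, trim_url_limit=int(limit), nofollow=True,
+                            autoescape=autoescape))
 urlizetrunc.is_safe = True
+urlizetrunc.needs_autoescape = True
 urlizetrunc = stringfilter(urlizetrunc)
 
 def wordcount(value):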
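Review bot: The new `autoescape=None` default on `urlizetrunc` means a caller that omits the flag forwards a falsy `autoescape` to `urlize`, yet the return value is still wrapped in `mark_safe(...)` unconditionally in the second hunk. How `django.utils.html.urlize` treats a falsy `autoescape` is not visible here, but if it skips escaping, untrusted text around the links comes back unescaped and flagged as safe. I would add a comment above the return, `# Marked safe unconditionally: escaping of untrusted input relies entirely on urlize() honouring autoescape.` The docstring is unchanged by the commit and should gain a line such as `autoescape: when true, text not already marked safe is escaped; supplied by the template engine because needs_autoescape is True.` One docstring line between the two hunks is not shown, and `wordcount` continues outside the section.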
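--- a/tests/regressiontests/templates/filters.py
+++ b/tests/regressiontests/templates/filters.py
@@ -108,8 +108,8 @@ def get_filter_tests():
         'filter-urlize05': ('{% autoescape off %}{{ a|urlize }}{% endautoescape %}', {"a": "<script>alert('foo')</script>"}, "<script>alert('foo')</script>"),
         'filter-urlize06': ('{{ a|urlize }}', {"a": "<script>alert('foo')</script>"}, '&lt;script&gt;alert(&#39;foo&#39;)&lt;/script&gt;'),
 
-        'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": "http://example.com/x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'<a href="http://example.com/x=&y=" rel="nofollow">http:...</a> <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
-        'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": "http://example.com/x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'<a href="http://example.com/x=&y=" rel="nofollow">http:...</a> <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
+        'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('&quot;Safe&quot; http://example.com?x=&y=')}, u'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> &quot;Safe&quot; <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
+        'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('&quot;Safe&quot; http://example.com?x=&y=')}, u'&quot;Unsafe&quot; <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> &quot;Safe&quot; <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
 
         'filter-wordcount01': ('{% autoescape off %}{{ a|wordcount }} {{ b|wordcount }}{% endautoescape %}', {"a": "a & b", "b": mark_safe("a &amp; b")}, "3 3"),
         'filter-wordcount02': ('{{ a|wordcount }} {{ b|wordcount }}', {"a": "a & b", "b": mark_safe("a &amp; b")}, "3 3"),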
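Review bot: The updated `filter-urlizetrunc02` case only places a markup-significant character (`"`) in the text around the URL, and its expected output keeps a raw `&` inside `href="http://example.com/x=&y="` for the unsafe value, so no assertion pins how the URL itself is escaped under autoescape. I would add a companion case whose unsafe value carries a character in the URL portion that must be escaped inside an attribute, with the escaped form as the expected output, and decide explicitly whether `&` in the href should be rendered as `&amp;`. A comment above the pair would make the intent clear: `# 01: autoescape off, nothing is escaped; 02: autoescape on, only the unsafe value "a" is escaped, "b" is already marked safe.` `get_filter_tests` starts and ends outside the hunk.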
