Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Added tests and a small optimisation for [6721]. Thanks SmileyChris. …

…Fixed #6049

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 3c272792d6207147c23d93baa282c0e2e5a4f874 1 parent b1df360
@malcolmt malcolmt authored
View
4 django/template/defaultfilters.py
@@ -25,8 +25,8 @@ def _dec(*args, **kwargs):
if args:
args = list(args)
args[0] = force_unicode(args[0])
- if isinstance(args[0], SafeData) and getattr(func, 'is_safe', False):
- return mark_safe(func(*args, **kwargs))
+ if isinstance(args[0], SafeData) and getattr(func, 'is_safe', False):
+ return mark_safe(func(*args, **kwargs))
return func(*args, **kwargs)
# Include a reference to the real function (used to check original
View
16 tests/regressiontests/templates/filters.py
@@ -12,6 +12,15 @@
from django.utils.tzinfo import LocalTimezone
from django.utils.safestring import mark_safe
+# These two classes are used to test auto-escaping of __unicode__ output.
+class UnsafeClass:
+ def __unicode__(self):
+ return u'you & me'
+
+class SafeClass:
+ def __unicode__(self):
+ return mark_safe(u'you > me')
+
# RESULT SYNTAX --
# 'template_name': ('template contents', 'context dict',
# 'expected string output' or Exception class)
@@ -227,4 +236,11 @@ def get_filter_tests():
'chaining12': ('{% autoescape off %}{{ a|cut:"b"|safe }}{% endautoescape %}', {"a": "a < b"}, "a < "),
'chaining13': ('{{ a|safe|force_escape }}', {"a": "a < b"}, "a &lt; b"),
'chaining14': ('{% autoescape off %}{{ a|safe|force_escape }}{% endautoescape %}', {"a": "a < b"}, "a &lt; b"),
+
+ # Filters decorated with stringfilter still respect is_safe.
+ 'autoescape-stringfilter01': (r'{{ unsafe|capfirst }}', {'unsafe': UnsafeClass()}, 'You &amp; me'),
+ 'autoescape-stringfilter02': (r'{% autoescape off %}{{ unsafe|capfirst }}{% endautoescape %}', {'unsafe': UnsafeClass()}, 'You & me'),
+ 'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You &gt; me'),
+ 'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You &gt; me'),
}
+
View
7 tests/regressiontests/templates/tests.py
@@ -899,7 +899,12 @@ def get_template_tests(self):
# Literal string arguments to filters, if used in the result, are
# safe.
- 'basic-syntax08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'),
+ 'autoescape-tag08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'),
+
+ # Objects which return safe strings as their __unicode__ method
+ # won't get double-escaped.
+ 'autoescape-tag09': (r'{{ unsafe }}', {'unsafe': filters.UnsafeClass()}, 'you &amp; me'),
+ 'autoescape-tag10': (r'{{ safe }}', {'safe': filters.SafeClass()}, 'you &gt; me'),
# The "safe" and "escape" filters cannot work due to internal
# implementation details (fortunately, the (no)autoescape block
Please sign in to comment.
Something went wrong with that request. Please try again.