[1.0.X] Fixed #8966 -- Changed is_safe for length_is filter to False, since its return value is a boolean, not a string.

kmtracey · kmtracey · commit 84216ef05e60 · 2008-10-28T19:04:59.000Z
Thanks Thomas Steinacher, carljm, and SmileyChris. Backport of r9291 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@9292 bcc190cf-cafb-0310-a4f2-bffc1f526a37
diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
@@ -476,7 +476,7 @@ def length(value):
 def length_is(value, arg):
     """Returns a boolean of whether the value's length is the argument."""
     return len(value) == int(arg)
-length_is.is_safe = True
+length_is.is_safe = False
 
 def random(value):
     """Returns a random item from the list."""
diff --git a/docs/howto/custom-template-tags.txt b/docs/howto/custom-template-tags.txt
@@ -241,6 +241,12 @@ Template filter code falls into one of two situations:
        this tricky, but keep an eye out for any problems like that when
        reviewing your code.
 
+       Marking a filter ``is_safe`` will coerce the filter's return value to
+       a string.  If your filter should return a boolean or other non-string
+       value, marking it ``is_safe`` will probably have unintended
+       consequences (such as converting a boolean False to the string
+       'False').
+
     2. Alternatively, your filter code can manually take care of any necessary
        escaping. This is necessary when you're introducing new HTML markup into
        the result. You want to mark the output as safe from further
diff --git a/tests/regressiontests/templates/filters.py b/tests/regressiontests/templates/filters.py
@@ -277,5 +277,9 @@ def get_filter_tests():
 
         'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
         'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
+        
+        # Boolean return value from length_is should not be coerced to a string
+        'lengthis01': (r'{% if "X"|length_is:0 %}Length is 0{% else %}Length not 0{% endif %}', {}, 'Length not 0'),
+        'lengthis02': (r'{% if "X"|length_is:1 %}Length is 1{% else %}Length not 1{% endif %}', {}, 'Length is 1'),
     }
 

Original file line number	Diff line number	Diff line change
`@@ -277,5 +277,9 @@ def get_filter_tests():`
`277`	`277`
`278`	`278`	`'escapejs01': (r'{{ a\|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),`
`279`	`279`	`'escapejs02': (r'{% autoescape off %}{{ a\|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),`
	`280`	`+`
	`281`	`+ # Boolean return value from length_is should not be coerced to a string`
	`282`	`+ 'lengthis01': (r'{% if "X"\|length_is:0 %}Length is 0{% else %}Length not 0{% endif %}', {}, 'Length not 0'),`
	`283`	`+ 'lengthis02': (r'{% if "X"\|length_is:1 %}Length is 1{% else %}Length not 1{% endif %}', {}, 'Length is 1'),`
`280`	`284`	`}`
`281`	`285`