Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Content coming via {{ block.super }} is always going to be correctly …

…escaped

already. We mark it as safe so that template authors don't need to.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit bdb0b903c2885a3f4b7f0282b8ba04267a1fc29e 1 parent 356662c
Malcolm Tredinnick authored November 14, 2007
3  django/template/loader_tags.py
@@ -2,6 +2,7 @@
2 2
 from django.template import Library, Node
3 3
 from django.template.loader import get_template, get_template_from_string, find_template_source
4 4
 from django.conf import settings
  5
+from django.utils.safestring import mark_safe
5 6
 
6 7
 register = Library()
7 8
 
@@ -26,7 +27,7 @@ def render(self, context):
26 27
 
27 28
     def super(self):
28 29
         if self.parent:
29  
-            return self.parent.render(self.context)
  30
+            return mark_safe(self.parent.render(self.context))
30 31
         return ''
31 32
 
32 33
     def add_parent(self, nodelist):
6  docs/templates.txt
@@ -280,7 +280,9 @@ Here are some tips for working with inheritance:
280 280
     * If you need to get the content of the block from the parent template,
281 281
       the ``{{ block.super }}`` variable will do the trick. This is useful
282 282
       if you want to add to the contents of a parent block instead of
283  
-      completely overriding it.
  283
+      completely overriding it. Data inserted using ``{{ block.super }}`` will
  284
+      not be automatically escaped (see the `next section`_), since it was
  285
+      already escaped, if necessary, in the parent template.
284 286
 
285 287
     * For extra readability, you can optionally give a *name* to your
286 288
       ``{% endblock %}`` tag. For example::
@@ -299,6 +301,8 @@ it also defines the content that fills the hole in the *parent*. If there were
299 301
 two similarly-named ``{% block %}`` tags in a template, that template's parent
300 302
 wouldn't know which one of the blocks' content to use.
301 303
 
  304
+.. _next section: #automatic-html-escaping
  305
+
302 306
 Automatic HTML escaping
303 307
 =======================
304 308
 
18  tests/regressiontests/templates/tests.py
@@ -617,7 +617,7 @@ def get_template_tests(self):
617 617
             ### INHERITANCE ###########################################################
618 618
 
619 619
             # Standard template with no inheritance
620  
-            'inheritance01': ("1{% block first %}_{% endblock %}3{% block second %}_{% endblock %}", {}, '1_3_'),
  620
+            'inheritance01': ("1{% block first %}&{% endblock %}3{% block second %}_{% endblock %}", {}, '1&3_'),
621 621
 
622 622
             # Standard two-level inheritance
623 623
             'inheritance02': ("{% extends 'inheritance01' %}{% block first %}2{% endblock %}{% block second %}4{% endblock %}", {}, '1234'),
@@ -626,7 +626,7 @@ def get_template_tests(self):
626 626
             'inheritance03': ("{% extends 'inheritance02' %}", {}, '1234'),
627 627
 
628 628
             # Two-level with no redefinitions on second level
629  
-            'inheritance04': ("{% extends 'inheritance01' %}", {}, '1_3_'),
  629
+            'inheritance04': ("{% extends 'inheritance01' %}", {}, '1&3_'),
630 630
 
631 631
             # Two-level with double quotes instead of single quotes
632 632
             'inheritance05': ('{% extends "inheritance02" %}', {}, '1234'),
@@ -635,16 +635,16 @@ def get_template_tests(self):
635 635
             'inheritance06': ("{% extends foo %}", {'foo': 'inheritance02'}, '1234'),
636 636
 
637 637
             # Two-level with one block defined, one block not defined
638  
-            'inheritance07': ("{% extends 'inheritance01' %}{% block second %}5{% endblock %}", {}, '1_35'),
  638
+            'inheritance07': ("{% extends 'inheritance01' %}{% block second %}5{% endblock %}", {}, '1&35'),
639 639
 
640 640
             # Three-level with one block defined on this level, two blocks defined next level
641 641
             'inheritance08': ("{% extends 'inheritance02' %}{% block second %}5{% endblock %}", {}, '1235'),
642 642
 
643 643
             # Three-level with second and third levels blank
644  
-            'inheritance09': ("{% extends 'inheritance04' %}", {}, '1_3_'),
  644
+            'inheritance09': ("{% extends 'inheritance04' %}", {}, '1&3_'),
645 645
 
646 646
             # Three-level with space NOT in a block -- should be ignored
647  
-            'inheritance10': ("{% extends 'inheritance04' %}      ", {}, '1_3_'),
  647
+            'inheritance10': ("{% extends 'inheritance04' %}      ", {}, '1&3_'),
648 648
 
649 649
             # Three-level with both blocks defined on this level, but none on second level
650 650
             'inheritance11': ("{% extends 'inheritance04' %}{% block first %}2{% endblock %}{% block second %}4{% endblock %}", {}, '1234'),
@@ -656,7 +656,7 @@ def get_template_tests(self):
656 656
             'inheritance13': ("{% extends 'inheritance02' %}{% block first %}a{% endblock %}{% block second %}b{% endblock %}", {}, '1a3b'),
657 657
 
658 658
             # A block defined only in a child template shouldn't be displayed
659  
-            'inheritance14': ("{% extends 'inheritance01' %}{% block newblock %}NO DISPLAY{% endblock %}", {}, '1_3_'),
  659
+            'inheritance14': ("{% extends 'inheritance01' %}{% block newblock %}NO DISPLAY{% endblock %}", {}, '1&3_'),
660 660
 
661 661
             # A block within another block
662 662
             'inheritance15': ("{% extends 'inheritance01' %}{% block first %}2{% block inner %}inner{% endblock %}{% endblock %}", {}, '12inner3_'),
@@ -674,16 +674,16 @@ def get_template_tests(self):
674 674
             'inheritance19': ("{% extends 'inheritance01' %}{% block first %}{% load testtags %}{% echo 400 %}5678{% endblock %}", {}, '140056783_'),
675 675
 
676 676
             # Two-level inheritance with {{ block.super }}
677  
-            'inheritance20': ("{% extends 'inheritance01' %}{% block first %}{{ block.super }}a{% endblock %}", {}, '1_a3_'),
  677
+            'inheritance20': ("{% extends 'inheritance01' %}{% block first %}{{ block.super }}a{% endblock %}", {}, '1&a3_'),
678 678
 
679 679
             # Three-level inheritance with {{ block.super }} from parent
680 680
             'inheritance21': ("{% extends 'inheritance02' %}{% block first %}{{ block.super }}a{% endblock %}", {}, '12a34'),
681 681
 
682 682
             # Three-level inheritance with {{ block.super }} from grandparent
683  
-            'inheritance22': ("{% extends 'inheritance04' %}{% block first %}{{ block.super }}a{% endblock %}", {}, '1_a3_'),
  683
+            'inheritance22': ("{% extends 'inheritance04' %}{% block first %}{{ block.super }}a{% endblock %}", {}, '1&a3_'),
684 684
 
685 685
             # Three-level inheritance with {{ block.super }} from parent and grandparent
686  
-            'inheritance23': ("{% extends 'inheritance20' %}{% block first %}{{ block.super }}b{% endblock %}", {}, '1_ab3_'),
  686
+            'inheritance23': ("{% extends 'inheritance20' %}{% block first %}{{ block.super }}b{% endblock %}", {}, '1&ab3_'),
687 687
 
688 688
             # Inheritance from local context without use of template loader
689 689
             'inheritance24': ("{% extends context_template %}{% block first %}2{% endblock %}{% block second %}4{% endblock %}", {'context_template': template.Template("1{% block first %}_{% endblock %}3{% block second %}_{% endblock %}")}, '1234'),

0 notes on commit bdb0b90

Please sign in to comment.
Something went wrong with that request. Please try again.