Autoescape on by default (Close #120, see #80)

This is to be Django compatible. Pass `{auto_escape, false}` as a compile
option when compiling the template to disable auto escaping.
commit d840d7df196e301a77cc310b2ea878b5dda92fb8 1 parent 766e37f
@kaos kaos authored
7 README.markdown
@@ -126,8 +126,8 @@ Options is a proplist possibly containing:
* `no_env` - Do not read additional options from the OS environment
variable `ERLYDTL_COMPILER_OPTIONS`.
-* `auto_escape` - Turn on auto escape by default (this is on by
- default in Django).
+* `auto_escape` - Control automatic HTML escaping of template
+ values. Enabled by default.
* `no_load` - Do not load the compiled template.
@@ -239,9 +239,6 @@ passed to the render/3 function.
Differences from standard Django Template Language
--------------------------------------------------
-* `auto_escape` is not enabled by default in ErlyDTL. Pass the
- `auto_escape` option when compiling your template if you need this.
-
* `csrf_token` The
[Cross Site Request Forgery](https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/)
tag is not implemented.
4 src/erlydtl_compiler.erl
@@ -428,9 +428,9 @@ init_context(ParseTrail, DefDir, Module, Options) ->
Ctx = #dtl_context{},
Context = #dtl_context{
all_options = Options,
- auto_escape = case proplists:get_bool(auto_escape, Options) of
+ auto_escape = case proplists:get_value(auto_escape, Options, true) of
true -> on;
- false -> off
+ _ -> off
end,
parse_trail = ParseTrail,
module = Module,
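Review bot: The catch-all `_ -> off` in the new `case` makes the escaping switch fail open: any value other than the atom `true`, for example a mistyped `{auto_escape, on}` or a string `"true"`, silently compiles the template with HTML escaping disabled. Since this option is now the default protection against markup injection in rendered values, only an explicit `false` should turn it off; I would write the clauses as `false -> off;` and `_ -> on`, or keep `true -> on; false -> off` and let an invalid value crash with `case_clause`. The move to `proplists:get_value/3` still accepts the bare atom `auto_escape`, so existing callers keep working. `init_context/4` starts and ends outside this hunk, so how `Options` is combined with `ERLYDTL_COMPILER_OPTIONS` before this point is not visible here.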
2  tests/expect/filters
@@ -1,3 +1,4 @@
+
Add: 2 + 2 = 4
Capfirst: Capitalized
@@ -43,3 +44,4 @@ Right adjust:
Uppercase: UPPERCASE
URL Encode: Let%27s%20go%21
+
2  tests/input/filters
@@ -1,3 +1,4 @@
+{% autoescape off %}
Add: 2 + 2 = {{ 2|add:2 }}
Capfirst: {{ "capitalized"|capfirst }}
@@ -43,3 +44,4 @@ Right adjust:
Uppercase: {{ "uppercase"|upper }}
URL Encode: {{ "Let's go!"|urlencode }}
+{% endautoescape %}
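Review bot: None of the filters in this fixture is rendered under the new escaping default, because the added `{% autoescape off %}` … `{% endautoescape %}` pair wraps the whole file. That keeps the expected output stable, but a filter that double-escapes or skips escaping would not be caught here. I would add a second, small fixture that leaves escaping on and feeds a few filters values containing `<`, `&` and quotes. The middle of the file lies outside both hunks, so any coverage it already has is not visible from this page.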
38 tests/src/erlydtl_functional_tests.erl
@@ -289,24 +289,21 @@ test_render(Name, Module) ->
Data = iolist_to_binary(Output),
if RenderStatus =:= ok ->
if RenderResult =:= undefined ->
- Devs = [begin
- FileName = filename:join([templates_dir(Dir), Name]),
- {ok, IoDev} = file:open(FileName, [write]),
- IoDev
- end || Dir <- ["output", "expect"]],
- try
- [file:write(IoDev, Data) || IoDev <- Devs],
- io:format("~n #### NOTE: created new expected output file: \"tests/expect/~s\"."
- "~n Please verify contents.", [Name])
- after
- [file:close(IoDev) || IoDev <- Devs]
- end;
+ [with_template_filename(
+ Dir, Name,
+ fun(F) -> file:write_file(F, Data) end)
+ || Dir <- ["output", "expect"]],
+ io:format("~n #### NOTE: created new expected output file: \"tests/expect/~s\"."
+ "~n Please verify contents.", [Name]);
RenderResult =:= Data ->
io:format("ok");
RenderResult =:= skip_check ->
io:format("ok (not checked for regression)");
true ->
io:format("failed"),
+ with_template_filename(
+ "output", Name,
+ fun(F) -> file:write_file(F, Data) end),
{error, io_lib:format(
"Expected output does not match rendered output~n"
"==Expected==~n~p~n--Actual--~n~p~n==End==~n",
@@ -327,11 +324,18 @@ test_render(Name, Module) ->
end.
get_expected_result(Name) ->
- FileName = filename:join([templates_dir("expect"), Name]),
- case filelib:is_regular(FileName) of
- true -> {ok, Data} = file:read_file(FileName), Data;
- false -> undefined
- end.
+ with_template_filename(
+ "expect", Name,
+ fun(F) ->
+ case filelib:is_regular(F) of
+ true -> {ok, Data} = file:read_file(F), Data;
+ false -> undefined
+ end
+ end).
+
+with_template_filename(Dir, Name, Fun) ->
+ FileName = filename:join([templates_dir(Dir), Name]),
+ Fun(FileName).
templates_docroot() -> templates_dir("input").
templates_dir(Name) -> filename:join(["tests", Name]).
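Review bot: The result of `file:write_file/2` is discarded at both new call sites, so a failed write (missing directory, read-only tree) no longer stops the run, whereas the removed code asserted `{ok, IoDev} = file:open(FileName, [write])`. In the `RenderResult =:= undefined` branch the "created new expected output file" note can then be printed although no baseline was written. I would assert inside the fun, `fun(F) -> ok = file:write_file(F, Data) end`, at least for the "expect" write. `with_template_filename/3` would also benefit from a one-line comment such as `%% Calls Fun with the path of template Name under tests/Dir.`. `test_render/2` starts and ends outside these hunks.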
7 tests/src/erlydtl_unittests.erl
@@ -55,11 +55,7 @@ tests() ->
[{var1, "<b>bold</b>"}], <<"&lt;b&gt;bold&lt;/b&gt;">>},
{"Nested autoescape",
<<"{% autoescape on %}{{ var1 }}{% autoescape off %}{{ var1 }}{% endautoescape %}{% endautoescape %}">>,
- [{var1, "<b>"}], <<"&lt;b&gt;<b>">>},
- {"Autoescape by default (using compile option)",
- <<"{{ var1 }}">>,
- [{var1, "<b>bold</b>"}], [], [auto_escape],
- <<"&lt;b&gt;bold&lt;/b&gt;">>}
+ [{var1, "<b>"}], <<"&lt;b&gt;<b>">>}
]},
{"string literal", [
{"Render literal",
@@ -1384,6 +1380,7 @@ format_error(Name, Class, Error) ->
compile_test(DTL, Opts) ->
Options = [force_recompile,
+ {auto_escape, false},
return_errors, return_warnings,
{custom_filters_modules, [erlydtl_contrib_humanize]}
|Opts],
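Review bot: After this change no unit test compiles a template with escaping enabled through the compiler option or its new default: `compile_test/2` forces `{auto_escape, false}` for every case, and the first hunk deletes the only case that turned escaping on via a compile option. Because the forced entry sits ahead of `|Opts` and `proplists:get_value/3` returns the first match, a test that passes `{auto_escape, true}` in `Opts` would presumably still be compiled with escaping off. I would put the default behind the caller's options, `|Opts ++ [{auto_escape, false}]],`, and restore the removed case with `[{auto_escape, true}]`, expecting `<<"&lt;b&gt;bold&lt;/b&gt;">>`. `compile_test/2` continues past the end of the hunk.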