auto_escape double escapes filtered values #150

Closed
acammack opened this Issue Mar 12, 2014 · 2 comments

My understanding of the autoescape block from the Django documentation is that it applies the escape filter to each value not marked safe. This should result in each value not marked safe being escaped exactly once at the end of filtering.

$ cat broken.dtl
{{ "&foo" }}
{{ "&foo"|add:"bar" }}

$ erl -pa deps/erlydtl/ebin/ deps/erlydtl/deps/merl/ebin/
Erlang/OTP 17 [RELEASE CANDIDATE 2] [erts-6.0] [source] [64-bit] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V6.0  (abort with ^G)
1> erlydtl:compile_file("broken.dtl", broken, [{out_dir, "ebin/"}]).
{ok,broken}
2> broken:render([]).
{ok,[[<<"&amp;">>,<<"foo">>], % Correct
     <<"\n">>,"&amp;amp;foobar",<<"\n">>]} % Escaped one too many times

From the generated .erl file:

erlydtl_filters:force_escape(erlydtl_filters:format_number(erlydtl_filters:force_escape(erlydtl_filters:add(...

It looks like filter_ast/2 doesn't play nice with the auto_escape context, but I have no idea how to go about fixing it.

kaos added this to the 0.9.2 milestone Mar 12, 2014

kaos self-assigned this Mar 12, 2014

kaos closed this in bbe5be8 Mar 12, 2014

Owner

kaos commented Mar 12, 2014

Thanks for the report. And fortunately enough, I know how to go about fixing it :p
It turned out there were a few more cases that the tests didn't cover, that were also broken. Thanks for bringing it to my attention :)

Thanks again for the quick response! It works great now.
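
The double escape from the report, reproduced as an added Python model (not erlydtl's code and not the fix in bbe5be8): escaping after each filter stage and again on output gives `&amp;amp;foobar`, while escaping once after the whole chain gives `&amp;foobar`. The names `Safe`, `escape_once`, `render_per_stage` and `render_at_output` are hypothetical, `add` is a constructed stand-in for the filter, and `format_number` from the generated code is omitted.

```python
import html


class Safe(str):
    """Marker type: text that is already escaped and must not be escaped again."""


def force_escape(value):
    # Unconditional HTML escape, like the force_escape calls in the generated code.
    return html.escape(str(value), quote=True)


def escape_once(value):
    # Autoescape as the report describes it: escape only what is not marked safe,
    # and mark the result safe so that a second pass is a no-op.
    if isinstance(value, Safe):
        return value
    return Safe(force_escape(value))


def add(value, arg):
    # Constructed stand-in for the add filter (string concatenation only).
    # The result is a plain str, so any safe marker on the input is dropped.
    return str(value) + str(arg)


def render_per_stage(value, filters):
    # Shape of the generated code quoted in the report: escape after each
    # filter, then escape again when the value is written out.
    for func, arg in filters:
        value = force_escape(func(value, arg))
    return force_escape(value)


def render_at_output(value, filters):
    # Run the whole filter chain on raw data, then escape exactly once.
    for func, arg in filters:
        value = func(value, arg)
    return escape_once(value)


if __name__ == "__main__":
    chain = [(add, "bar")]  # models {{ "&foo"|add:"bar" }} from broken.dtl
    print(render_per_stage("&foo", []))      # &amp;foo
    print(render_per_stage("&foo", chain))   # &amp;amp;foobar
    print(render_at_output("&foo", chain))   # &amp;foobar
```

Asserting that `escape_once(escape_once(x)) == escape_once(x)` for filtered and unfiltered values is a cheap regression test for this class of bug.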
