Fix the return type of escape to Markup

This patch fixes the return type of escape to always be Markup. It addresses the issue with custom class that implements the __html__ method - see issue #68. A new test case, test_escape_return_type, is added to test the behavior.
pallets · May 24, 2017 · dc5a6bb · dc5a6bb
1 parent d2a40c4
commit dc5a6bb
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/markupsafe/_native.py b/markupsafe/_native.py
@@ -18,7 +18,7 @@ def escape(s):
     such characters in HTML.  Marks return value as markup string.
     """
     if hasattr(s, '__html__'):
-        return s.__html__()
+        return Markup(s.__html__())
     return Markup(text_type(s)
         .replace('&', '&amp;')
         .replace('>', '&gt;')

diff --git a/markupsafe/_speedups.c b/markupsafe/_speedups.c
@@ -131,8 +131,11 @@ escape(PyObject *self, PyObject *text)
 	/* if the object has an __html__ method that performs the escaping */
 	html = PyObject_GetAttrString(text, "__html__");
 	if (html) {
-		rv = PyObject_CallObject(html, NULL);
+		s = PyObject_CallObject(html, NULL);
 		Py_DECREF(html);
+		/* Convert to Markup object */
+		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+		Py_DECREF(s);
 		return rv;
 	}
 

diff --git a/tests.py b/tests.py
@@ -173,6 +173,13 @@ def test_splitting(self):
     def test_mul(self):
         self.assertEqual(Markup('a') * 3, Markup('aaa'))
 
+    def test_escape_return_type(self):
+        self.assertIsInstance(escape('a'), Markup)
+        class Foo:
+            def __html__(self):
+                return '<strong>Foo</strong>'
+        self.assertIsInstance(escape(Foo()), Markup)
+
 
 class MarkupLeakTestCase(unittest.TestCase):