#22294: length filter changes type of output to string if passed safe string
---------------------------------+-------------------------
     Reporter:  steve.pike@…     |      Owner:  nobody
         Type:  Uncategorized    |     Status:  new
    Component:  Template system  |    Version:  1.5
     Severity:  Normal           |   Keywords:  filter safe
 Triage Stage:  Unreviewed       |  Has patch:  0
Easy pickings:  1                |      UI/UX:  0
---------------------------------+-------------------------
 if you do:

 {{{
 {% if some_string|length > 123 %}
 Hurrah!
 {% endif %}
 }}}

 what happens is what you expect to happen - the length of the string is
 determined and compared to the integer given in the condition.

 However if you do this:

 {{{
 {% if some_safe_string|length > 123 %}
 Booo!
 {% endif %}
 }}}

 Then the result is non obvious, since passing a safe_string to length
 results in the output also being marked safe and thus changed into a safe
 *string*... on which you cannot do simple comparisons to integers in this
 way... (see: https://docs.djangoproject.com/en/dev/howto/custom-template-
 tags/#filters-and-auto-escaping and
 
https://github.com/django/django/blob/master/django/template/defaultfilters.py#L581
 )

 This seems like a bug rather than a feature, but since the type of the
 result of the length filter is not stated in the docs (
 https://docs.djangoproject.com/en/1.5/ref/templates/builtins/#length )
 this is really misleading.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/22294>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.44787aea9b536ab6f5cdb78c1f3ea010%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to