#28121: force_text incorrectly handles SafeBytes under PY3
----------------------------------------------+------------------------
               Reporter:  Thomas Achtemichuk  |          Owner:  nobody
                   Type:  Bug                 |         Status:  new
              Component:  Utilities           |        Version:  master
               Severity:  Normal              |       Keywords:
           Triage Stage:  Unreviewed          |      Has patch:  0
    Needs documentation:  0                   |    Needs tests:  0
Patch needs improvement:  0                   |  Easy pickings:  0
                  UI/UX:  0                   |
----------------------------------------------+------------------------
 Under python 3 & Django 1.8.18, 1.9.13, 1.10.7, 1.11 and master, calling
 `force_text` on an instance of `SafeBytes` causes a `str` to be returned
 rather than an instance of `SafeText`.

 {{{
 >>> from django.utils.safestring import SafeBytes, SafeText
 >>> from django.utils.encoding import force_text
 >>> type(force_text(SafeText('')))
 django.utils.safestring.SafeText
 >>> type(force_text(SafeBytes(b'')))
 str
 }}}

 This causes byte strings run through `mark_safe` and rendered in a
 template to be incorrectly escaped.

 {{{
 >>> from django.template import Template, Context
 >>> from django.utils.safestring import mark_safe
 >>> Template('{{ x }}').render(Context({'x': mark_safe(b'&')}))
 '&'
 >>> Template('{{ x }}').render(Context({'x': mark_safe('&')}))
 '&'
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28121>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/050.9e80befbe6b80b716e27dd464d2b5a9f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to