Re: [Django] #36049: The `upper` template filter should set `is_safe=True`

[Django]

#36049: The `upper` template filter should set `is_safe=True`
-------------------------------+--------------------------------------
     Reporter:  Lily Foote     |                    Owner:  (none)
         Type:  Uncategorized  |                   Status:  new
    Component:  Uncategorized  |                  Version:  5.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------
Description changed by Lily Foote:

Old description:

> I noticed this inconsistency between `upper` and `lower` where `upper`
> has `is_safe=False` but `lower` has `is_safe=True`. I think `lower` is
> correct and `upper` is incorrect.
>
> This has been the case ever since `is_safe` was introduced in
> https://github.com/django/django/commit/356662cf74c99fac90afb0f5e6aac8d2d573e62a.
>
> {{{
> from django.template import engines
> from django.utils.safestring import mark_safe
>

> def test_is_safe():
>     template = """
> {{ html|upper }}
> {{ html|lower }}
> """
>     template = engines["django"].from_string(template)
>     html = mark_safe("<p>Hello World!</p>")
>     assert template.render({"html": html}) == """
> <p>HELLO WORLD!</p>
> <p>hello world!</p>
> """
>
> E       AssertionError: assert '\n&lt;P&gt;H... world!</p>\n' ==
> '\n<p>HELLO W... world!</p>\n'
> E
> E
> E         - <p>HELLO WORLD!</p>
> E         + &lt;P&gt;HELLO WORLD!&lt;/P&gt;
> E           <p>hello world!</p>
> }}}

New description:

 I noticed this inconsistency between `upper` and `lower` where `upper` has
 `is_safe=False` but `lower` has `is_safe=True`. I think `lower` is correct
 and `upper` is incorrect.

 This has been the case ever since `is_safe` was introduced in
 
https://github.com/django/django/commit/356662cf74c99fac90afb0f5e6aac8d2d573e62a.

 {{{
 from django.template import engines
 from django.utils.safestring import mark_safe


 def test_is_safe():
     template = """
 {{ html|upper }}
 {{ html|lower }}
 """
     template = engines["django"].from_string(template)
     html = mark_safe("<p>Hello World!</p>")
     assert template.render({"html": html}) == """
 <P>HELLO WORLD!</P>
 <p>hello world!</p>
 """

 E       AssertionError: assert '\n&lt;P&gt;H... world!</p>\n' ==
 '\n<p>HELLO W... world!</p>\n'
 E
 E
 E         - <P>HELLO WORLD!</P>
 E         + &lt;P&gt;HELLO WORLD!&lt;/P&gt;
 E           <p>hello world!</p>
 }}}

--
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36049#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/010701942279add8-1ad855e1-a156-4a1f-a119-1f22261cf68f-000000%40eu-central-1.amazonses.com.