Author: kmtracey
Date: 2008-10-28 14:00:49 -0500 (Tue, 28 Oct 2008)
New Revision: 9291
Modified:
django/trunk/django/template/defaultfilters.py
django/trunk/docs/howto/custom-template-tags.txt
django/trunk/tests/regressiontests/templates/filters.py
Log:
Fixed #8966 -- Changed is_safe for length_is filter to False, since its return
value is a boolean, not a string.
Thanks Thomas Steinacher and carljm.
Modified: django/trunk/django/template/defaultfilters.py
===================================================================
--- django/trunk/django/template/defaultfilters.py 2008-10-28 16:30:19 UTC
(rev 9290)
+++ django/trunk/django/template/defaultfilters.py 2008-10-28 19:00:49 UTC
(rev 9291)
@@ -476,7 +476,7 @@
def length_is(value, arg):
"""Returns a boolean of whether the value's length is the argument."""
return len(value) == int(arg)
-length_is.is_safe = True
+length_is.is_safe = False
def random(value):
"""Returns a random item from the list."""
Modified: django/trunk/docs/howto/custom-template-tags.txt
===================================================================
--- django/trunk/docs/howto/custom-template-tags.txt 2008-10-28 16:30:19 UTC
(rev 9290)
+++ django/trunk/docs/howto/custom-template-tags.txt 2008-10-28 19:00:49 UTC
(rev 9291)
@@ -241,6 +241,12 @@
this tricky, but keep an eye out for any problems like that when
reviewing your code.
+ Marking a filter ``is_safe`` will coerce the filter's return value to
+ a string. If your filter should return a boolean or other non-string
+ value, marking it ``is_safe`` will probably have unintended
+ consequences (such as converting a boolean False to the string
+ 'False').
+
2. Alternatively, your filter code can manually take care of any necessary
escaping. This is necessary when you're introducing new HTML markup into
the result. You want to mark the output as safe from further
Modified: django/trunk/tests/regressiontests/templates/filters.py
===================================================================
--- django/trunk/tests/regressiontests/templates/filters.py 2008-10-28
16:30:19 UTC (rev 9290)
+++ django/trunk/tests/regressiontests/templates/filters.py 2008-10-28
19:00:49 UTC (rev 9291)
@@ -277,5 +277,9 @@
'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript
\'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22
\\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape
%}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'},
'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
+
+ # Boolean return value from length_is should not be coerced to a string
+ 'lengthis01': (r'{% if "X"|length_is:0 %}Length is 0{% else %}Length
not 0{% endif %}', {}, 'Length not 0'),
+ 'lengthis02': (r'{% if "X"|length_is:1 %}Length is 1{% else %}Length
not 1{% endif %}', {}, 'Length is 1'),
}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
