[Changeset] r17876 - in django/trunk: django/template tests/regressiontests/defaultfilters

Sat, 07 Apr 2012 08:16:16 -0700 

Author: claudep
Date: 2012-04-07 08:16:11 -0700 (Sat, 07 Apr 2012)
New Revision: 17876

Modified:
   django/trunk/django/template/defaultfilters.py
   django/trunk/tests/regressiontests/defaultfilters/tests.py
Log:
Fixed #15683 -- Prevented escaped string to be needlessly marked safe twice in 
force_escape filter. Thanks tyrion for the initial patch.


Modified: django/trunk/django/template/defaultfilters.py
===================================================================
--- django/trunk/django/template/defaultfilters.py      2012-04-06 21:24:33 UTC 
(rev 17875)
+++ django/trunk/django/template/defaultfilters.py      2012-04-07 15:16:11 UTC 
(rev 17876)
@@ -419,7 +419,7 @@
     characters (as opposed to "escape", which marks the content for later
     possible escaping).
     """
-    return mark_safe(escape(value))
+    return escape(value)
 
 @register.filter("linebreaks", is_safe=True, needs_autoescape=True)
 @stringfilter

Modified: django/trunk/tests/regressiontests/defaultfilters/tests.py
===================================================================
--- django/trunk/tests/regressiontests/defaultfilters/tests.py  2012-04-06 
21:24:33 UTC (rev 17875)
+++ django/trunk/tests/regressiontests/defaultfilters/tests.py  2012-04-07 
15:16:11 UTC (rev 17876)
@@ -6,6 +6,7 @@
 from django.template.defaultfilters import *
 from django.test import TestCase
 from django.utils import unittest, translation
+from django.utils.safestring import SafeData
 
 
 class DefaultFiltersTests(TestCase):
@@ -328,9 +329,10 @@
                           u'a string to be mangled')
 
     def test_force_escape(self):
+        escaped = force_escape(u'<some html & special characters > here')
         self.assertEqual(
-            force_escape(u'<some html & special characters > here'),
-            u'&lt;some html &amp; special characters &gt; here')
+            escaped, u'&lt;some html &amp; special characters &gt; here')
+        self.assertTrue(isinstance(escaped, SafeData))
         self.assertEqual(
             force_escape(u'<some html & special characters > here ĐÅ€£'),
             u'&lt;some html &amp; special characters &gt; here'\

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to