diff options
author | Ayala Shachar <shachar.ayala@gmail.com> | 2017-05-23 10:24:52 -0700 |
---|---|---|
committer | David Lord <davidism@gmail.com> | 2017-05-23 13:44:16 -0700 |
commit | 9f30bc8c4d6702a2e206fd8027443d2edafe4729 (patch) | |
tree | 27d68175ab4304977bdd0bb1a8236a69732bca6b | |
parent | 5b335b7a9eadacbb802c302c3c5879e820e072b6 (diff) | |
download | jinja2-9f30bc8c4d6702a2e206fd8027443d2edafe4729.tar.gz |
Make tojson always safe (fix #709)
-rw-r--r-- | jinja2/utils.py | 2 | ||||
-rw-r--r-- | tests/test_filters.py | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/jinja2/utils.py b/jinja2/utils.py index b96d309..40c87ff 100644 --- a/jinja2/utils.py +++ b/jinja2/utils.py @@ -567,7 +567,7 @@ def htmlsafe_json_dumps(obj, dumper=None, **kwargs): .replace(u'>', u'\\u003e') \ .replace(u'&', u'\\u0026') \ .replace(u"'", u'\\u0027') - return rv + return Markup(rv) @implements_iterator diff --git a/tests/test_filters.py b/tests/test_filters.py index 318a347..ff94183 100644 --- a/tests/test_filters.py +++ b/tests/test_filters.py @@ -580,8 +580,9 @@ class TestFilter(object): def test_json_dump(self): env = Environment(autoescape=True) t = env.from_string('{{ x|tojson }}') - assert t.render(x={'foo': 'bar'}) == '{"foo": "bar"}' - assert t.render(x='"bar\'') == r'"\"bar\u0027"' + assert t.render(x={'foo': 'bar'}) == '{"foo": "bar"}' + assert t.render(x='"ba&r\'') == r'"\"ba\u0026r\u0027"' + assert t.render(x='<bar>') == r'"\u003cbar\u003e"' def my_dumps(value, **options): assert options == {'foo': 'bar'} |