diff options
author | Tim Graham <timograham@gmail.com> | 2016-01-22 19:01:54 -0500 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2016-03-05 11:00:12 -0500 |
commit | c3e22ba78d1f6a780d1181cb16e3240136f2ae59 (patch) | |
tree | 9b8cb65ffc2a7a8797a294093240befd449c9aa2 | |
parent | 9ed4a788aa8d6ba6a57a2daa15253c3047048dfb (diff) | |
download | django-24046.tar.gz |
Refs #24046 -- POC for mark_for_escaping() removal.24046
-rw-r--r-- | django/template/base.py | 9 | ||||
-rw-r--r-- | django/template/defaultfilters.py | 4 | ||||
-rw-r--r-- | django/utils/safestring.py | 42 | ||||
-rw-r--r-- | docs/howto/custom-template-tags.txt | 9 | ||||
-rw-r--r-- | docs/ref/utils.txt | 8 | ||||
-rw-r--r-- | docs/releases/1.7.2.txt | 2 | ||||
-rw-r--r-- | docs/topics/python3.txt | 12 | ||||
-rw-r--r-- | tests/template_tests/filter_tests/test_force_escape.py | 4 | ||||
-rw-r--r-- | tests/utils_tests/test_safestring.py | 34 |
9 files changed, 12 insertions, 112 deletions
diff --git a/django/template/base.py b/django/template/base.py index 50b55f4b69..25174a1518 100644 --- a/django/template/base.py +++ b/django/template/base.py @@ -68,9 +68,7 @@ from django.utils.encoding import ( from django.utils.formats import localize from django.utils.html import conditional_escape, escape from django.utils.inspect import getargspec -from django.utils.safestring import ( - EscapeData, SafeData, mark_for_escaping, mark_safe, -) +from django.utils.safestring import SafeData, mark_safe from django.utils.text import ( get_text_list, smart_split, unescape_string_literal, ) @@ -737,8 +735,6 @@ class FilterExpression(object): new_obj = func(obj, *arg_vals) if getattr(func, 'is_safe', False) and isinstance(obj, SafeData): obj = mark_safe(new_obj) - elif isinstance(obj, EscapeData): - obj = mark_for_escaping(new_obj) else: obj = new_obj return obj @@ -1012,8 +1008,7 @@ def render_value_in_context(value, context): value = template_localtime(value, use_tz=context.use_tz) value = localize(value, use_l10n=context.use_l10n) value = force_text(value) - if ((context.autoescape and not isinstance(value, SafeData)) or - isinstance(value, EscapeData)): + if context.autoescape: return conditional_escape(value) else: return value diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py index a7c9b718ff..85d1aaa3c0 100644 --- a/django/template/defaultfilters.py +++ b/django/template/defaultfilters.py @@ -16,7 +16,7 @@ from django.utils.html import ( strip_tags, urlize as _urlize, ) from django.utils.http import urlquote -from django.utils.safestring import SafeData, mark_for_escaping, mark_safe +from django.utils.safestring import SafeData, mark_safe from django.utils.text import ( Truncator, normalize_newlines, phone2numeric, slugify as _slugify, wrap, ) @@ -441,7 +441,7 @@ def escape_filter(value): """ Marks the value as a string that should be auto-escaped. """ - return mark_for_escaping(value) + return conditional_escape(value) @register.filter(is_safe=True) diff --git a/django/utils/safestring.py b/django/utils/safestring.py index 3d3bf1b62a..40be743c04 100644 --- a/django/utils/safestring.py +++ b/django/utils/safestring.py @@ -8,31 +8,6 @@ from django.utils import six from django.utils.functional import Promise, curry -class EscapeData(object): - pass - - -class EscapeBytes(bytes, EscapeData): - """ - A byte string that should be HTML-escaped when output. - """ - pass - - -class EscapeText(six.text_type, EscapeData): - """ - A unicode string object that should be HTML-escaped when output. - """ - pass - -if six.PY3: - EscapeString = EscapeText -else: - EscapeString = EscapeBytes - # backwards compatibility for Python 2 - EscapeUnicode = EscapeText - - class SafeData(object): def __html__(self): """ @@ -128,20 +103,3 @@ def mark_safe(s): if isinstance(s, (six.text_type, Promise)): return SafeText(s) return SafeString(str(s)) - - -def mark_for_escaping(s): - """ - Explicitly mark a string as requiring HTML escaping upon output. Has no - effect on SafeData subclasses. - - Can be called multiple times on a single string (the resulting escaping is - only applied once). - """ - if hasattr(s, '__html__') or isinstance(s, EscapeData): - return s - if isinstance(s, bytes) or (isinstance(s, Promise) and s._delegate_bytes): - return EscapeBytes(s) - if isinstance(s, (six.text_type, Promise)): - return EscapeText(s) - return EscapeString(str(s)) diff --git a/docs/howto/custom-template-tags.txt b/docs/howto/custom-template-tags.txt index 97179de7b0..69e223c01c 100644 --- a/docs/howto/custom-template-tags.txt +++ b/docs/howto/custom-template-tags.txt @@ -210,15 +210,6 @@ passed around inside the template code: # Do something with the "safe" string. ... -* **Strings marked as "needing escaping"** are *always* escaped on - output, regardless of whether they are in an :ttag:`autoescape` block or - not. These strings are only escaped once, however, even if auto-escaping - applies. - - Internally, these strings are of type ``EscapeBytes`` or - ``EscapeText``. Generally you don't have to worry about these; they - exist for the implementation of the :tfilter:`escape` filter. - Template filter code falls into one of two situations: 1. Your filter does not introduce any HTML-unsafe characters (``<``, ``>``, diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt index 2a330ca953..c696627fc6 100644 --- a/docs/ref/utils.txt +++ b/docs/ref/utils.txt @@ -840,14 +840,6 @@ appropriate entities. >>> type(mystr) <type 'str'> -.. function:: mark_for_escaping(s) - - Explicitly mark a string as requiring HTML escaping upon output. Has no - effect on ``SafeData`` subclasses. - - Can be called multiple times on a single string (the resulting escaping is - only applied once). - ``django.utils.text`` ===================== diff --git a/docs/releases/1.7.2.txt b/docs/releases/1.7.2.txt index 040c983fcb..056f432978 100644 --- a/docs/releases/1.7.2.txt +++ b/docs/releases/1.7.2.txt @@ -177,7 +177,7 @@ Bugfixes setup (:ticket:`24000`). * Restored support for objects that aren't :class:`str` or :class:`bytes` in - :func:`~django.utils.safestring.mark_for_escaping` on Python 3. + ``django.utils.safestring.mark_for_escaping()`` on Python 3. * Supported strings escaped by third-party libraries with the ``__html__`` convention in the template engine (:ticket:`23831`). diff --git a/docs/topics/python3.txt b/docs/topics/python3.txt index 003dd0ebc5..c252e98d49 100644 --- a/docs/topics/python3.txt +++ b/docs/topics/python3.txt @@ -112,22 +112,18 @@ For forwards compatibility, the new names work as of Django 1.4.2. information. :mod:`django.utils.safestring` is mostly used via the -:func:`~django.utils.safestring.mark_safe` and -:func:`~django.utils.safestring.mark_for_escaping` functions, which didn't -change. In case you're using the internals, here are the name changes: +:func:`~django.utils.safestring.mark_safe` function, which didn't change. In +case you're using the internals, here are the name changes: ================== ================== Old name New name ================== ================== -``EscapeString`` ``EscapeBytes`` -``EscapeUnicode`` ``EscapeText`` ``SafeString`` ``SafeBytes`` ``SafeUnicode`` ``SafeText`` ================== ================== -For backwards compatibility, the old names still work on Python 2. Under -Python 3, ``EscapeString`` and ``SafeString`` are aliases for ``EscapeText`` -and ``SafeText`` respectively. +For backwards compatibility, the old names still work on Python 2. On Python 3, +``SafeString`` is an alias for ``SafeText``. For forwards compatibility, the new names work as of Django 1.4.2. diff --git a/tests/template_tests/filter_tests/test_force_escape.py b/tests/template_tests/filter_tests/test_force_escape.py index 875ecb0ad9..45f4efde62 100644 --- a/tests/template_tests/filter_tests/test_force_escape.py +++ b/tests/template_tests/filter_tests/test_force_escape.py @@ -49,12 +49,12 @@ class ForceEscapeTests(SimpleTestCase): @setup({'force-escape07': '{% autoescape off %}{{ a|escape|force_escape }}{% endautoescape %}'}) def test_force_escape07(self): output = self.engine.render_to_string('force-escape07', {"a": "x&y"}) - self.assertEqual(output, "x&y") + self.assertEqual(output, "x&amp;y") @setup({'force-escape08': '{{ a|escape|force_escape }}'}) def test_force_escape08(self): output = self.engine.render_to_string('force-escape08', {"a": "x&y"}) - self.assertEqual(output, "x&y") + self.assertEqual(output, "x&amp;y") class FunctionTests(SimpleTestCase): diff --git a/tests/utils_tests/test_safestring.py b/tests/utils_tests/test_safestring.py index 7cc92a1370..2995a09552 100644 --- a/tests/utils_tests/test_safestring.py +++ b/tests/utils_tests/test_safestring.py @@ -5,9 +5,7 @@ from django.test import SimpleTestCase from django.utils import html, six, text from django.utils.encoding import force_bytes from django.utils.functional import lazy, lazystr -from django.utils.safestring import ( - EscapeData, SafeData, mark_for_escaping, mark_safe, -) +from django.utils.safestring import SafeData, mark_safe lazybytes = lazy(force_bytes, bytes) @@ -62,36 +60,6 @@ class SafeStringTest(SimpleTestCase): def test_mark_safe_lazy_result_implements_dunder_html(self): self.assertEqual(mark_safe(lazystr('a&b')).__html__(), 'a&b') - def test_mark_for_escaping(self): - s = mark_for_escaping('a&b') - self.assertRenderEqual('{{ s }}', 'a&b', s=s) - self.assertRenderEqual('{{ s }}', 'a&b', s=mark_for_escaping(s)) - - def test_mark_for_escaping_object_implementing_dunder_html(self): - e = customescape('<a&b>') - s = mark_for_escaping(e) - self.assertIs(s, e) - - self.assertRenderEqual('{{ s }}', '<<a&b>>', s=s) - self.assertRenderEqual('{{ s|force_escape }}', '<a&b>', s=s) - - def test_mark_for_escaping_lazy(self): - s = lazystr('a&b') - b = lazybytes(b'a&b') - - self.assertIsInstance(mark_for_escaping(s), EscapeData) - self.assertIsInstance(mark_for_escaping(b), EscapeData) - self.assertRenderEqual('{% autoescape off %}{{ s }}{% endautoescape %}', 'a&b', s=mark_for_escaping(s)) - - def test_mark_for_escaping_object_implementing_dunder_str(self): - class Obj(object): - def __str__(self): - return '<obj>' - - s = mark_for_escaping(Obj()) - - self.assertRenderEqual('{{ s }}', '<obj>', s=s) - def test_add_lazy_safe_text_and_safe_text(self): s = html.escape(lazystr('a')) s += mark_safe('&b') |