diff options
author | Baptiste Mispelon <bmispelon@gmail.com> | 2021-11-19 16:52:57 +0100 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-11-22 11:52:19 +0100 |
commit | e6e664a71130ee74d2c4c6800e4131f132709997 (patch) | |
tree | 09187decdfad02d9d437b23841c3f0bd218facd6 | |
parent | dd528cb2cefc0db8b91a7ff0a2bc87305b976597 (diff) | |
download | django-e6e664a71130ee74d2c4c6800e4131f132709997.tar.gz |
Fixed #33302 -- Made element_id optional argument for json_script template filter.
Added versionchanged note in documentation
-rw-r--r-- | django/template/defaultfilters.py | 4 | ||||
-rw-r--r-- | django/utils/html.py | 13 | ||||
-rw-r--r-- | docs/ref/templates/builtins.txt | 6 | ||||
-rw-r--r-- | docs/releases/4.1.txt | 3 | ||||
-rw-r--r-- | tests/template_tests/filter_tests/test_json_script.py | 5 | ||||
-rw-r--r-- | tests/utils_tests/test_html.py | 6 |
6 files changed, 28 insertions, 9 deletions
diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py index 5ccef38048..13070b303b 100644 --- a/django/template/defaultfilters.py +++ b/django/template/defaultfilters.py @@ -83,10 +83,10 @@ def escapejs_filter(value): @register.filter(is_safe=True) -def json_script(value, element_id): +def json_script(value, element_id=None): """ Output value JSON-encoded, wrapped in a <script type="application/json"> - tag. + tag (with an optional id). """ return _json_script(value, element_id) diff --git a/django/utils/html.py b/django/utils/html.py index da1b5675ec..be9f22312e 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -61,7 +61,7 @@ _json_script_escapes = { } -def json_script(value, element_id): +def json_script(value, element_id=None): """ Escape all the HTML/XML special characters with their unicode escapes, so value is safe to be output anywhere except for inside a tag attribute. Wrap @@ -69,10 +69,13 @@ def json_script(value, element_id): """ from django.core.serializers.json import DjangoJSONEncoder json_str = json.dumps(value, cls=DjangoJSONEncoder).translate(_json_script_escapes) - return format_html( - '<script id="{}" type="application/json">{}</script>', - element_id, mark_safe(json_str) - ) + if element_id: + template = '<script id="{}" type="application/json">{}</script>' + args = (element_id, mark_safe(json_str)) + else: + template = '<script type="application/json">{}</script>' + args = (mark_safe(json_str),) + return format_html(template, *args) def conditional_escape(text): diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 2edfd65c7b..f02a8f61c8 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -1832,7 +1832,7 @@ If ``value`` is the list ``['a', 'b', 'c']``, the output will be the string Safely outputs a Python object as JSON, wrapped in a ``<script>`` tag, ready for use with JavaScript. -**Argument:** HTML "id" of the ``<script>`` tag. +**Argument:** The optional HTML "id" of the ``<script>`` tag. For example:: @@ -1861,6 +1861,10 @@ This is compatible with a strict Content Security Policy that prohibits in-page script execution. It also maintains a clean separation between passive data and executable code. +.. versionchanged:: 4.1 + + In older versions, the HTML "id" was a required argument. + .. templatefilter:: last ``last`` diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt index 7bfb527104..e8296e4d36 100644 --- a/docs/releases/4.1.txt +++ b/docs/releases/4.1.txt @@ -210,7 +210,8 @@ Signals Templates ~~~~~~~~~ -* ... +* :tfilter:`json_script` template filter now allows wrapping in a ``<script>`` + tag without the HTML ``id`` attribute. Tests ~~~~~ diff --git a/tests/template_tests/filter_tests/test_json_script.py b/tests/template_tests/filter_tests/test_json_script.py index 061fe32c12..1d38f678e0 100644 --- a/tests/template_tests/filter_tests/test_json_script.py +++ b/tests/template_tests/filter_tests/test_json_script.py @@ -17,3 +17,8 @@ class JsonScriptTests(SimpleTestCase): '{"a": "testing\\r\\njson \'string\\" \\u003Cb\\u003Eescaping\\u003C/b\\u003E"}' '</script>' ) + + @setup({'json-tag02': '{{ value|json_script }}'}) + def test_without_id(self): + output = self.engine.render_to_string('json-tag02', {'value': {}}) + self.assertEqual(output, '<script type="application/json">{}</script>') diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py index 909620ea3f..63644daf61 100644 --- a/tests/utils_tests/test_html.py +++ b/tests/utils_tests/test_html.py @@ -173,6 +173,12 @@ class TestUtilsHtml(SimpleTestCase): with self.subTest(arg=arg): self.assertEqual(json_script(arg, 'test_id'), expected) + def test_json_script_without_id(self): + self.assertHTMLEqual( + json_script({'key': 'value'}), + '<script type="application/json">{"key": "value"}</script>', + ) + def test_smart_urlquote(self): items = ( ('http://öäü.com/', 'http://xn--4ca9at.com/'), |