Ticket #25484: static_escape.2.patch

File static_escape.2.patch, 1.4 KB (added by João Miguel Neves, 9 years ago)

Patch to fix the static lack of escape issue (now also covering staticfiles)

  • django/contrib/staticfiles/templatetags/staticfiles.py 

    diff --git a/django/contrib/staticfiles/templatetags/staticfiles.py b/django/contrib/staticfiles/templatetags/staticfiles.py
index e3bea93..a5a0ef4 100644
    a b  
    11from django import template
    22from django.contrib.staticfiles.storage import staticfiles_storage
     3from django.utils.html import escape
    34from django.templatetags.static import StaticNode
    45
    56register = template.Library()
    class StaticFilesNode(StaticNode):  
    1314
    1415    def url(self, context):
    1516        path = self.path.resolve(context)
    16         return static(path)
     17        return escape(static(path))
    1718
    1819
    1920@register.tag('static')

  • django/templatetags/static.py 

    diff --git a/django/templatetags/static.py b/django/templatetags/static.py
index 7541adb..a40707e 100644
    a b  
    11from django import template
    22from django.utils.encoding import iri_to_uri
     3from django.utils.html import escape
    34from django.utils.six.moves.urllib.parse import urljoin
    45
    56register = template.Library()
    class StaticNode(template.Node):  
    102103    def render(self, context):
    103104        url = self.url(context)
    104105        if self.varname is None:
    105             return url
     106            return escape(url)
    106107        context[self.varname] = url
    107108        return ''
    108109
Back to Top