Ticket #6049: 6721_tests.diff

File 6721_tests.diff, 4.1 KB (added by Chris Beaven, 17 years ago)
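--- a/tests/regressiontests/templates/filters.py
+++ b/tests/regressiontests/templates/filters.py
@@ -12,6 +12,16 @@
 from django.utils.tzinfo import LocalTimezone
 from django.utils.safestring import mark_safe
 
+class UnsafeClass:
+    "Class whose __unicode__ returns unsafe html"
+    def __unicode__(self):
+        return u'you & me'
+
+class SafeClass:
+    "Class whose __unicode__ returns html marked as safe"
+    def __unicode__(self):
+        return mark_safe(u'you > me')
+
 # RESULT SYNTAX --
 # 'template_name': ('template contents', 'context dict',
 #                   'expected string output' or Exception class)
@@ -227,4 +237,10 @@
         'chaining12': ('{% autoescape off %}{{ a|cut:"b"|safe }}{% endautoescape %}', {"a": "a < b"}, "a < "),
         'chaining13': ('{{ a|safe|force_escape }}', {"a": "a < b"}, "a &lt; b"),
         'chaining14': ('{% autoescape off %}{{ a|safe|force_escape }}{% endautoescape %}', {"a": "a < b"}, "a &lt; b"),
+
+        # Filters decorated with stringfilter still respect is_safe.
+        'autoescape-stringfilter01': (r'{{ unsafe|capfirst }}', {'unsafe': UnsafeClass()}, 'You &amp; me'),
+        'autoescape-stringfilter02': (r'{% autoescape off %}{{ unsafe|capfirst }}{% endautoescape %}', {'unsafe': UnsafeClass()}, 'You & me'),
+        'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You &gt; me'),
+        'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You &gt; me'),
     }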
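Review bot: `SafeClass.__unicode__` in this file returns `mark_safe(u'you > me')` with a literal `>`, but `autoescape-stringfilter03` and `autoescape-stringfilter04` expect `'You &gt; me'`. A string marked safe is not escaped on output, so these two cases would presumably render `You > me` and fail as written; the copy of the class added to tests.py uses `u'you &gt; me'`. Unless the literal is an artefact of how this page was rendered, the line should read `return mark_safe(u'you &gt; me')`, so the test shows an already-escaped value passing through `capfirst` without being escaped a second time.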
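--- a/tests/regressiontests/templates/tests.py
+++ b/tests/regressiontests/templates/tests.py
@@ -80,6 +80,16 @@
     def __str__(self):
         return u'ŠĐĆŽćžšđ'.encode('utf-8')
 
+class UnsafeClass:
+    "Class whose __unicode__ returns unsafe html"
+    def __unicode__(self):
+        return u'you & me'
+
+class SafeClass:
+    "Class whose __unicode__ returns html marked as safe"
+    def __unicode__(self):
+        return mark_safe(u'you &gt; me')
+
 class Templates(unittest.TestCase):
     def test_loaders_security(self):
         def test_template_sources(path, template_dirs, expected_sources):
@@ -899,8 +909,13 @@
 
             # Literal string arguments to filters, if used in the result, are
             # safe.
-            'basic-syntax08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'),
+            'autoescape-tag08': (r'{% autoescape on %}{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}', {"var": None}, ' endquote" hah'),
 
+            # Objects which return safe strings as their __unicode__ method
+            # won't get double-escaped.
+            'autoescape-tag09': (r'{{ unsafe }}', {'unsafe': UnsafeClass()}, 'you &amp; me'),
+            'autoescape-tag10': (r'{{ safe }}', {'safe': SafeClass()}, 'you &gt; me'),
+
             # The "safe" and "escape" filters cannot work due to internal
             # implementation details (fortunately, the (no)autoescape block
             # tags can be used in those cases)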
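Review bot: The comment added above `autoescape-tag09` and `autoescape-tag10` describes only the safe case, while `autoescape-tag09` asserts the other, security-relevant half: an object whose `__unicode__` returns unmarked text is escaped on output. A wording that covers both would be `# Objects whose __unicode__ returns plain text are escaped once; objects` / `# whose __unicode__ returns a safe string are not escaped again.` `UnsafeClass` and `SafeClass` are also defined here a second time, next to the pair added in filters.py. Defining them in one module and reusing them would keep the two copies from drifting.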
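--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@@ -25,8 +25,10 @@
         if args:
             args = list(args)
             args[0] = force_unicode(args[0])
-        if isinstance(args[0], SafeData) and getattr(func, 'is_safe', False):
-            return mark_safe(func(*args, **kwargs))
+            # If a first argument is a safe string, ensure the is_safe handling
+            # will work as expected.
+            if isinstance(args[0], SafeData) and getattr(func, 'is_safe', False):
+                return mark_safe(func(*args, **kwargs))
         return func(*args, **kwargs)
 
     # Include a reference to the real function (used to check original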
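Review bot: The added comment (`# If a first argument is a safe string, ensure the is_safe handling will work as expected.`) does not say what the branch guarantees, yet this is the line that decides whether a filter's output is marked safe. Something like `# Re-mark the result as safe only if the input was already safe and the filter declares is_safe; otherwise return the result as the filter produced it.` would state the contract. Moving the check under `if args:` also means `args[0]` is no longer read when no positional arguments are passed, and none of the tests in this patch exercise that case. The enclosing function starts and ends outside the hunk.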