Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#30399 closed Cleanup/optimization (fixed)

Use Python stdlib html.escape() to in django.utils.html.escape()

Reported by: Jon Dufresne Owned by: nobody
Component: Utilities Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The function django.utils.html.escape() partially duplicates the Python stdlib function html.escape(). We can replace this duplication with wider community developed version.

html.escape() has been available since Python 3.2:

https://docs.python.org/3/library/html.html#html.escape

This function is also faster than Django's. As Python bug https://bugs.python.org/issue18020 concludes, using .replace() can be faster than .translate(). This function gets called numerous times when rendering templates. After making the change locally, I saw the following improvement:

master:

$ python -m timeit -s 'from django.utils.html import escape' 'escape(copyright)'
50000 loops, best of 5: 4.03 usec per loop

branch:

$ python -m timeit -s 'from django.utils.html import escape' 'escape(copyright)'
100000 loops, best of 5: 2.45 usec per loop

One small concern, html.escape() converts ' to &#x27 rather than &#39. These values are functionally equivalent HTML, but I'll mention it as a backwards incompatible change as the literal text has changed

Change History (10)

comment:2 by Claude Paroz, 6 years ago

Partially related, wouldn't we take advantage of this and change most usages of the single quote inside strings by the typographic quote (, also “…”) where appropriate?

comment:3 by Claude Paroz, 6 years ago

Triage Stage: UnreviewedAccepted

comment:4 by Jon Dufresne, 6 years ago

Partially related, wouldn't we take advantage of this and change most usages of the single quote inside strings by the typographic quote (’, also “…”) where appropriate?

I like this idea but feel it is a different objective so I've followed through with in ticket #30400

comment:5 by Claude Paroz, 6 years ago

Triage Stage: AcceptedReady for checkin

comment:6 by Carlton Gibson, 6 years ago

Super. Thanks all!

comment:7 by Carlton Gibson <carlton.gibson@…>, 6 years ago

Resolution: fixed
Status: newclosed

In 8d76443a:

Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().

comment:8 by Claude Paroz, 6 years ago

One small concern, html.escape() converts ' to &#x27 rather than &#39.

It's annoying, as assertHTMLEqual seems to make a difference between those two equivalent representations, and that means different code paths in apps testing with different Django versions. That's something we should try to solve in django.test.html.

in reply to:  8 comment:9 by Jon Dufresne, 6 years ago

It's annoying, as assertHTMLEqual seems to make a difference between those two equivalent representations, and that means different code paths in apps testing with different Django versions. That's something we should try to solve in django.test.html.

Good idea. I added a PR for this.

comment:10 by Carlton Gibson <carlton.gibson@…>, 6 years ago

In 48235ba8:

Refs #30399 -- Made assertHTMLEqual normalize character and entity references.

Note: See TracTickets for help on using tickets.
Back to Top