diff options
| author | Malcolm Tredinnick <malcolm.tredinnick@gmail.com> | 2007-11-17 12:11:26 +0000 |
|---|---|---|
| committer | Malcolm Tredinnick <malcolm.tredinnick@gmail.com> | 2007-11-17 12:11:26 +0000 |
| commit | 0928fa5566bac9404a5a0d1810c2c00ffa81c59f (patch) | |
| tree | 8b4ecef518de88b47e5f2230ae48ffcb9d9a1168 /django | |
| parent | 0b0ef3f0c573e831a4902120b8407c5b4b7daf69 (diff) | |
Fixed #5945 -- Treat string literals in template filter arguments as safe
strings for auto-escaping purposes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django')
| -rw-r--r-- | django/template/__init__.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/django/template/__init__.py b/django/template/__init__.py index edc2150af0..761c08d6c9 100644 --- a/django/template/__init__.py +++ b/django/template/__init__.py @@ -594,7 +594,7 @@ class FilterExpression(object): arg_vals = [] for lookup, arg in args: if not lookup: - arg_vals.append(arg) + arg_vals.append(mark_safe(arg)) else: arg_vals.append(arg.resolve(context)) if getattr(func, 'needs_autoescape', False): @@ -707,7 +707,7 @@ class Variable(object): # If it's wrapped with quotes (single or double), then # we're also dealing with a literal. if var[0] in "\"'" and var[0] == var[-1]: - self.literal = var[1:-1] + self.literal = mark_safe(var[1:-1]) else: # Otherwise we'll set self.lookups so that resolve() knows we're # dealing with a bonafide variable |
