summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-05-10 12:46:47 -0400
committerTim Graham <timograham@gmail.com>2016-05-10 12:46:47 -0400
commit2f0e0eee450775a71ac3eb42707dcd970ede42c8 (patch)
tree26149ef4a5feb6317f9b52c79239ca524a5bded4 /django
parentc3e108694966f045adcc0ba11133a2b3bf238770 (diff)
Fixed #24046 -- Deprecated the "escape" half of utils.safestring.
Diffstat (limited to 'django')
-rw-r--r--django/template/base.py16
-rw-r--r--django/template/defaultfilters.py8
-rw-r--r--django/utils/safestring.py4
3 files changed, 26 insertions, 2 deletions
diff --git a/django/template/base.py b/django/template/base.py
index c48746bbef..d97ee81326 100644
--- a/django/template/base.py
+++ b/django/template/base.py
@@ -54,6 +54,7 @@ from __future__ import unicode_literals
import inspect
import logging
import re
+import warnings
from django.template.context import ( # NOQA: imported for backwards compatibility
BaseContext, Context, ContextPopException, RequestContext,
@@ -722,6 +723,7 @@ class FilterExpression(object):
obj = string_if_invalid
else:
obj = self.var
+ escape_isnt_last_filter = True
for func, args in self.filters:
arg_vals = []
for lookup, arg in args:
@@ -738,9 +740,21 @@ class FilterExpression(object):
if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
obj = mark_safe(new_obj)
elif isinstance(obj, EscapeData):
- obj = mark_for_escaping(new_obj)
+ with warnings.catch_warnings():
+ # Ignore mark_for_escaping deprecation as this will be
+ # removed in Django 2.0.
+ warnings.simplefilter('ignore', category=RemovedInDjango20Warning)
+ obj = mark_for_escaping(new_obj)
+ escape_isnt_last_filter = False
else:
obj = new_obj
+ if not escape_isnt_last_filter:
+ warnings.warn(
+ "escape isn't the last filter in %s and will be applied "
+ "immediately in Django 2.0 so the output may change."
+ % [func.__name__ for func, _ in self.filters],
+ RemovedInDjango20Warning, stacklevel=2
+ )
return obj
def args_check(name, func, provided):
diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
index a4d568e5a6..e3dc48e474 100644
--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@@ -3,6 +3,7 @@ from __future__ import unicode_literals
import random as random_module
import re
+import warnings
from decimal import ROUND_HALF_UP, Context, Decimal, InvalidOperation
from functools import wraps
from operator import itemgetter
@@ -10,6 +11,7 @@ from pprint import pformat
from django.utils import formats, six
from django.utils.dateformat import format, time_format
+from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.encoding import force_text, iri_to_uri
from django.utils.html import (
avoid_wrapping, conditional_escape, escape, escapejs, linebreaks,
@@ -439,7 +441,11 @@ def escape_filter(value):
"""
Marks the value as a string that should be auto-escaped.
"""
- return mark_for_escaping(value)
+ with warnings.catch_warnings():
+ # Ignore mark_for_escaping deprecation -- this will use
+ # conditional_escape() in Django 2.0.
+ warnings.simplefilter('ignore', category=RemovedInDjango20Warning)
+ return mark_for_escaping(value)
@register.filter(is_safe=True)
diff --git a/django/utils/safestring.py b/django/utils/safestring.py
index 3d3bf1b62a..24a29e0747 100644
--- a/django/utils/safestring.py
+++ b/django/utils/safestring.py
@@ -4,7 +4,10 @@ without further escaping in HTML. Marking something as a "safe string" means
that the producer of the string has already turned characters that should not
be interpreted by the HTML engine (e.g. '<') into the appropriate entities.
"""
+import warnings
+
from django.utils import six
+from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.functional import Promise, curry
@@ -138,6 +141,7 @@ def mark_for_escaping(s):
Can be called multiple times on a single string (the resulting escaping is
only applied once).
"""
+ warnings.warn('mark_for_escaping() is deprecated.', RemovedInDjango20Warning)
if hasattr(s, '__html__') or isinstance(s, EscapeData):
return s
if isinstance(s, bytes) or (isinstance(s, Promise) and s._delegate_bytes):