summaryrefslogtreecommitdiff
path: root/django/utils/safestring.py
AgeCommit message (Collapse)Author
2024-08-12Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for ↵Matthias Kestenholz
non-string RHS. This change ensures SafeString addition operations handle non-string RHS properly, allowing them to implement __radd__ for better compatibility.
2022-05-25Renamed wrapped functions to wrapper.Aymeric Augustin
All these functions are wrapping another function. They're the wrapper, while the function they're wrapping is the wrapped.
2022-02-21Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects.Theo Alexiou
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-29Fixed #33465 -- Added empty __slots__ to SafeString and SafeData.Keryn Knight
Despite inheriting from the str type, every SafeString instance gains an empty __dict__ due to the normal, expected behaviour of type subclassing in Python. Adding __slots__ to SafeData is necessary, because otherwise inheriting from that (as SafeString does) will give it a __dict__ and negate the benefit added by modifying SafeString.
2019-12-06Fixed outdated import in django/utils/safestring.py.Baptiste Mispelon
The backported version of functools.wraps was removed in 13864703bc1d5dd4dac63c96c6a4b42a392bc57f.
2019-03-28Fixed "byte string" typo in various docs and comments.Mariusz Felisiak
2019-02-06Refs #27753 -- Favored SafeString over SafeText.Tim Graham
2019-02-05Refs #27753 -- Removed django.utils.safestring.SafeBytes.Tim Graham
2018-07-09Removed unneded str() calls prior to mark_safe(); simplified mark_safe().Sergey Fedoseev
2017-02-11Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.Anton Samarchyan
2017-01-30Refs #27795 -- Prevented SafeText from losing safe status on str()Claude Paroz
This will allow to replace force_text() by str() in several places (as one of the features of force_text is to keep the safe status).
2017-01-30Refs #23919 -- Removed usage of obsolete SafeBytes classClaude Paroz
The class will be removed as part of #27753. Thanks Tim Graham for the review.
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-17Refs #24046 -- Removed mark_for_escaping() per deprecation timeline.Tim Graham
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-06-07Fixed #10107 -- Allowed using mark_safe() as a decorator.Scott Vitale
Thanks ArcTanSusan for the initial patch.
2016-05-10Fixed #24046 -- Deprecated the "escape" half of utils.safestring.Tim Graham
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2014-12-27Fixed #23831 -- Supported strings escaped by third-party libs in Django.Aymeric Augustin
Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report.
2014-12-27Fixed an inconsistency introduced in 547b1810.Aymeric Augustin
mark_safe and mark_for_escaping should have been kept similar. On Python 2 this change has no effect. On Python 3 it fixes the use case shown in the regression test for mark_for_escaping, which used to raise a TypeError. The regression test for mark_safe is just for completeness.
2014-02-05Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy"Baptiste Mispelon
This reverts commit 2ee447fb5f8974b432d3dd421af9a242215aea44. That commit introduced a regression (#21882) and didn't really do what it was supposed to: while it did delay the evaluation of lazy objects passed to mark_safe(), they weren't actually marked as such so they could end up being escaped twice. Refs #21882.
2013-11-02Correct flake8 E302 violationsRay Ashman Jr
2013-11-02More attacking E302 violatorsAlex Gaynor
2013-10-15Fixed #7261 -- support for __html__ for library interoperabilityUnai Zalakain
The idea is that if an object implements __html__ which returns a string this is used as HTML representation (eg: on escaping). If the object is a str or unicode subclass and returns itself the object is a safe string type. This is an updated patch based on jbalogh and ivank patches.
2013-10-10Whitespace cleanup.Tim Graham
* Removed trailing whitespace. * Added newline to EOF if missing. * Removed blank lines at EOF. * Removed some stray tabs.
2013-05-25Fixed #20296 -- Allowed SafeData and EscapeData to be lazyBaptiste Mispelon
2012-08-18[py3] Ported django.utils.safestring.Aymeric Augustin
Backwards compatibility aliases were created under Python 2.
2012-08-07[py3] Ported django.utils.functional.Aymeric Augustin
2012-07-22[py3] Replaced unicode/str by six.text_type/bytes.Aymeric Augustin
2007-12-02Fixed #6071 -- Fixed another infinite recursion problem in SafeString andMalcolm Tredinnick
SafeUnicode. Thanks, Trey Long. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6845 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-01Fixed #6021 -- Removed some brain damage from SafeString. Not quite sure what IMalcolm Tredinnick
was smoking there. Thanks, Jan Rademaker. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6807 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-17Fixed #5960 -- Fixed some Python 2.3 incompatibilities.Malcolm Tredinnick
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6685 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14Implemented auto-escaping of variable output in templates. Fully ↵Malcolm Tredinnick
controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 See documentation in templates.txt and templates_python.txt for how everything works. Backwards incompatible if you're inserting raw HTML output via template variables. Based on an original design from Simon Willison and with debugging help from Michael Radziej. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37