path: root/tests/utils_tests/test_safestring.py
Age | Commit message | Author

2024-08-12 | Fixed #35648 -- Raised NotImplementedError in SafeString.__add__ for non-string RHS. | Matthias Kestenholz
  This change ensures SafeString addition operations handle non-string RHS properly, allowing them to implement __radd__ for better compatibility.

2024-08-12 | Refs #35648 -- Added test for addition between SafeString and str in utils_tests. | Matthias Kestenholz

2022-02-21 | Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects. | Theo Alexiou

2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot

2022-01-29 | Fixed #33465 -- Added empty __slots__ to SafeString and SafeData. | Keryn Knight
  Despite inheriting from the str type, every SafeString instance gains an empty __dict__ due to the normal, expected behaviour of type subclassing in Python. Adding __slots__ to SafeData is necessary, because otherwise inheriting from that (as SafeString does) will give it a __dict__ and negate the benefit added by modifying SafeString.

2020-05-04 | Refs #30573 -- Rephrased "Of Course" and "Obvious(ly)" in documentation and comments. | Adam Johnson

2019-02-06 | Refs #27753 -- Favored SafeString over SafeText. | Tim Graham

2018-07-20 | Fixed #29412 -- Stopped marking slugify() result as HTML safe. | Claude Paroz

2017-01-30 | Refs #27795 -- Prevented SafeText from losing safe status on str() | Claude Paroz
  This will allow to replace force_text() by str() in several places (as one of the features of force_text is to keep the safe status).

2017-01-30 | Reintroduced lazy import from commit 52138b1fd0 | Claude Paroz

2017-01-30 | Refs #23919 -- Removed usage of obsolete SafeBytes class | Claude Paroz
  The class will be removed as part of #27753. Thanks Tim Graham for the review.

2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette

2017-01-18 | Refs #23919 -- Removed six.<various>_types usage | Claude Paroz
  Thanks Tim Graham and Simon Charette for the reviews.

2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz

2017-01-17 | Refs #24046 -- Removed mark_for_escaping() per deprecation timeline. | Tim Graham

2016-06-07 | Fixed #10107 -- Allowed using mark_safe() as a decorator. | Scott Vitale
  Thanks ArcTanSusan for the initial patch.

2016-05-10 | Fixed #24046 -- Deprecated the "escape" half of utils.safestring. | Tim Graham

2015-12-12 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). | Iacopo Spalletti
  Thanks to bmispelon and uruz for the initial patch.

2015-05-20 | Refs #24652 -- Used SimpleTestCase where appropriate. | Simon Charette

2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham

2014-12-27 | Fixed #23831 -- Supported strings escaped by third-party libs in Django. | Aymeric Augustin
  Refs #7261 -- Made strings escaped by Django usable in third-party libs.

  The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__.

  Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist.

  Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries.

  Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation.

  Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows:

      if isinstance(text, SafeData):
          return text
      else:
          return escape(text)

  render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended.

  This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7.

  Thanks mitsuhiko for the report.

2014-12-27 | Fixed an inconsistency introduced in 547b1810. | Aymeric Augustin
  mark_safe and mark_for_escaping should have been kept similar. On Python 2 this change has no effect. On Python 3 it fixes the use case shown in the regression test for mark_for_escaping, which used to raise a TypeError. The regression test for mark_safe is just for completeness.

2014-10-20 | Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText. | Jon Dufresne
  Thanks Baptiste Mispelon for the report.

2014-02-05 | Removed import which is now unused | Alex Gaynor

2014-02-05 | Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy" | Baptiste Mispelon
  This reverts commit 2ee447fb5f8974b432d3dd421af9a242215aea44. That commit introduced a regression (#21882) and didn't really do what it was supposed to: while it did delay the evaluation of lazy objects passed to mark_safe(), they weren't actually marked as such so they could end up being escaped twice. Refs #21882.

2013-11-02 | Fixed #21302 -- Fixed unused imports and import *. | Tim Graham

2013-10-15 | Fixed #7261 -- support for __html__ for library interoperability | Unai Zalakain
  The idea is that if an object implements __html__ which returns a string this is used as HTML representation (eg: on escaping). If the object is a str or unicode subclass and returns itself the object is a safe string type. This is an updated patch based on jbalogh and ivank patches.

2013-07-29 | Removed most of absolute_import imports | Claude Paroz
  Should be unneeded with Python 2.7 and up. Added some unicode_literals along the way.

2013-05-25 | Fixed #20296 -- Allowed SafeData and EscapeData to be lazy | Baptiste Mispelon