From 84216ef05e6099235559a9a018bf4e0ad6ecff70 Mon Sep 17 00:00:00 2001 From: Karen Tracey Date: Tue, 28 Oct 2008 19:04:59 +0000 Subject: [1.0.X] Fixed #8966 -- Changed is_safe for length_is filter to False, since its return value is a boolean, not a string. Thanks Thomas Steinacher, carljm, and SmileyChris. Backport of r9291 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@9292 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/howto/custom-template-tags.txt | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs') diff --git a/docs/howto/custom-template-tags.txt b/docs/howto/custom-template-tags.txt index 8923cbbb13..b680272f40 100644 --- a/docs/howto/custom-template-tags.txt +++ b/docs/howto/custom-template-tags.txt @@ -241,6 +241,12 @@ Template filter code falls into one of two situations: this tricky, but keep an eye out for any problems like that when reviewing your code. + Marking a filter ``is_safe`` will coerce the filter's return value to + a string. If your filter should return a boolean or other non-string + value, marking it ``is_safe`` will probably have unintended + consequences (such as converting a boolean False to the string + 'False'). + 2. Alternatively, your filter code can manually take care of any necessary escaping. This is necessary when you're introducing new HTML markup into the result. You want to mark the output as safe from further -- cgit v1.3