Loading django/template/backends/jinja2.py +8 −6 Original line number Diff line number Diff line Loading @@ -4,12 +4,11 @@ from __future__ import absolute_import import sys from django.conf import settings from django.template import TemplateDoesNotExist from django.template import TemplateDoesNotExist, TemplateSyntaxError from django.utils import six from django.utils.module_loading import import_string from jinja2 import ( DebugUndefined, FileSystemLoader, TemplateNotFound, Undefined) import jinja2 from .base import BaseEngine from .utils import csrf_input_lazy, csrf_token_lazy Loading @@ -28,10 +27,10 @@ class Jinja2(BaseEngine): environment_cls = import_string(environment) options.setdefault('autoescape', True) options.setdefault('loader', FileSystemLoader(self.template_dirs)) options.setdefault('loader', jinja2.FileSystemLoader(self.template_dirs)) options.setdefault('auto_reload', settings.DEBUG) options.setdefault('undefined', DebugUndefined if settings.DEBUG else Undefined) jinja2.DebugUndefined if settings.DEBUG else jinja2.Undefined) self.env = environment_cls(**options) Loading @@ -41,9 +40,12 @@ class Jinja2(BaseEngine): def get_template(self, template_name): try: return Template(self.env.get_template(template_name)) except TemplateNotFound as exc: except jinja2.TemplateNotFound as exc: six.reraise(TemplateDoesNotExist, TemplateDoesNotExist(exc.args), sys.exc_info()[2]) except jinja2.TemplateSyntaxError as exc: six.reraise(TemplateSyntaxError, TemplateSyntaxError(exc.args), sys.exc_info()[2]) class Template(object): Loading tests/template_backends/jinja2/template_backends/syntax_error.html 0 → 100644 +1 −0 Original line number Diff line number Diff line {% block %} tests/template_backends/templates/template_backends/syntax_error.html 0 → 100644 +1 −0 Original line number Diff line number Diff line {% block %} tests/template_backends/test_dummy.py +9 −1 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ from __future__ import unicode_literals from django.http import HttpRequest from django.middleware.csrf import CsrfViewMiddleware, get_token from django.template import TemplateDoesNotExist from django.template import TemplateDoesNotExist, TemplateSyntaxError from django.template.backends.dummy import TemplateStrings from django.test import SimpleTestCase Loading Loading @@ -39,6 +39,14 @@ class TemplateStringsTests(SimpleTestCase): with self.assertRaises(TemplateDoesNotExist): self.engine.get_template('template_backends/non_existing.html') def test_get_template_syntax_error(self): # There's no way to trigger a syntax error with the dummy backend. # The test still lives here to factor it between other backends. if self.backend_name == 'dummy': return with self.assertRaises(TemplateSyntaxError): self.engine.get_template('template_backends/syntax_error.html') def test_html_escaping(self): template = self.engine.get_template('template_backends/hello.html') context = {'name': '<script>alert("XSS!");</script>'} Loading Loading
django/template/backends/jinja2.py +8 −6 Original line number Diff line number Diff line Loading @@ -4,12 +4,11 @@ from __future__ import absolute_import import sys from django.conf import settings from django.template import TemplateDoesNotExist from django.template import TemplateDoesNotExist, TemplateSyntaxError from django.utils import six from django.utils.module_loading import import_string from jinja2 import ( DebugUndefined, FileSystemLoader, TemplateNotFound, Undefined) import jinja2 from .base import BaseEngine from .utils import csrf_input_lazy, csrf_token_lazy Loading @@ -28,10 +27,10 @@ class Jinja2(BaseEngine): environment_cls = import_string(environment) options.setdefault('autoescape', True) options.setdefault('loader', FileSystemLoader(self.template_dirs)) options.setdefault('loader', jinja2.FileSystemLoader(self.template_dirs)) options.setdefault('auto_reload', settings.DEBUG) options.setdefault('undefined', DebugUndefined if settings.DEBUG else Undefined) jinja2.DebugUndefined if settings.DEBUG else jinja2.Undefined) self.env = environment_cls(**options) Loading @@ -41,9 +40,12 @@ class Jinja2(BaseEngine): def get_template(self, template_name): try: return Template(self.env.get_template(template_name)) except TemplateNotFound as exc: except jinja2.TemplateNotFound as exc: six.reraise(TemplateDoesNotExist, TemplateDoesNotExist(exc.args), sys.exc_info()[2]) except jinja2.TemplateSyntaxError as exc: six.reraise(TemplateSyntaxError, TemplateSyntaxError(exc.args), sys.exc_info()[2]) class Template(object): Loading
tests/template_backends/jinja2/template_backends/syntax_error.html 0 → 100644 +1 −0 Original line number Diff line number Diff line {% block %}
tests/template_backends/templates/template_backends/syntax_error.html 0 → 100644 +1 −0 Original line number Diff line number Diff line {% block %}
tests/template_backends/test_dummy.py +9 −1 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ from __future__ import unicode_literals from django.http import HttpRequest from django.middleware.csrf import CsrfViewMiddleware, get_token from django.template import TemplateDoesNotExist from django.template import TemplateDoesNotExist, TemplateSyntaxError from django.template.backends.dummy import TemplateStrings from django.test import SimpleTestCase Loading Loading @@ -39,6 +39,14 @@ class TemplateStringsTests(SimpleTestCase): with self.assertRaises(TemplateDoesNotExist): self.engine.get_template('template_backends/non_existing.html') def test_get_template_syntax_error(self): # There's no way to trigger a syntax error with the dummy backend. # The test still lives here to factor it between other backends. if self.backend_name == 'dummy': return with self.assertRaises(TemplateSyntaxError): self.engine.get_template('template_backends/syntax_error.html') def test_html_escaping(self): template = self.engine.get_template('template_backends/hello.html') context = {'name': '<script>alert("XSS!");</script>'} Loading
