Commit 9219741e authored by Russell Keith-Magee's avatar Russell Keith-Magee
Browse files

[1.0.X] Fixed #11413 -- Added notes on the cycle and firstof tag detailing... 

[1.0.X] Fixed #11413 -- Added notes on the cycle and firstof tag detailing that variables output by those tags will not be escaped by default. Thanks to krystal for the report and draft patch.

Merge of r11163 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@11166 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 4aca3be9

django/template/defaulttags.py

+10 −4
Original line number Diff line number Diff line
@@ -562,7 +562,7 @@ do_filter = register.tag("filter", do_filter) 
#@register.tag

def firstof(parser, token):

    """

    Outputs the first variable passed that is not False.

    Outputs the first variable passed that is not False, without escaping.



    Outputs nothing if all the passed variables are False.
@@ -573,11 +573,11 @@ def firstof(parser, token): 
    This is equivalent to::



        {% if var1 %}

            {{ var1 }}

            {{ var1|safe }}

        {% else %}{% if var2 %}

            {{ var2 }}

            {{ var2|safe }}

        {% else %}{% if var3 %}

            {{ var3 }}

            {{ var3|safe }}

        {% endif %}{% endif %}{% endif %}



    but obviously much cleaner!
@@ -587,6 +587,12 @@ def firstof(parser, token): 


        {% firstof var1 var2 var3 "fallback value" %}



    If you want to escape the output, use a filter tag::



        {% filter force_escape %}

            {% firstof var1 var2 var3 "fallback value" %}

	{% endfilter %}



    """

    bits = token.split_contents()[1:]

    if len(bits) < 1:

docs/ref/templates/builtins.txt

+22 −5
Original line number Diff line number Diff line
@@ -101,6 +101,14 @@ You can use any number of values in a ``{% cycle %}`` tag, separated by spaces. 
Values enclosed in single (``'``) or double quotes (``"``) are treated as

string literals, while values without quotes are treated as template variables.



Note that the variables included in the cycle will not be escaped. This is

because template tags do not escape their content. If you want to escape the

variables in the cycle, you must do so explicitly::



    {% filter force_escape %}

        {% cycle var1 var2 var3 %}

    {% endfilter %}



For backwards compatibility, the ``{% cycle %}`` tag supports the much inferior

old syntax from previous Django versions. You shouldn't use this in any new

projects, but for the sake of the people who are still using it, here's what it
@@ -160,8 +168,9 @@ Sample usage:: 
firstof

~~~~~~~



Outputs the first variable passed that is not False.  Outputs nothing if all the

passed variables are False.

Outputs the first variable passed that is not False, without escaping.



Outputs nothing if all the passed variables are False.



Sample usage::
@@ -170,11 +179,11 @@ Sample usage:: 
This is equivalent to::



    {% if var1 %}

        {{ var1 }}

        {{ var1|safe }}

    {% else %}{% if var2 %}

        {{ var2 }}

        {{ var2|safe }}

    {% else %}{% if var3 %}

        {{ var3 }}

        {{ var3|safe }}

    {% endif %}{% endif %}{% endif %}



You can also use a literal string as a fallback value in case all
@@ -182,6 +191,14 @@ passed variables are False:: 


    {% firstof var1 var2 var3 "fallback value" %}



Note that the variables included in the firstof tag will not be escaped. This

is because template tags do not escape their content. If you want to escape

the variables in the firstof tag, you must do so explicitly::



    {% filter force_escape %}

        {% firstof var1 var2 var3 "fallback value" %}

    {% endfilter %}



.. templatetag:: for



for