Commit a878bf9b authored by Baptiste Mispelon's avatar Baptiste Mispelon
Browse files

Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy" 

This reverts commit 2ee447fb.

That commit introduced a regression (#21882) and didn't really
do what it was supposed to: while it did delay the evaluation
of lazy objects passed to mark_safe(), they weren't actually
marked as such so they could end up being escaped twice.

Refs #21882.
parent a0fc7fa5

django/utils/safestring.py

+3 −7
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ without further escaping in HTML. Marking something as a "safe string" means 
that the producer of the string has already turned characters that should not

be interpreted by the HTML engine (e.g. '<') into the appropriate entities.

"""

from django.utils.functional import curry, Promise, allow_lazy

from django.utils.functional import curry, Promise

from django.utils import six
@@ -16,14 +16,14 @@ class EscapeBytes(bytes, EscapeData): 
    """

    A byte string that should be HTML-escaped when output.

    """

    __new__ = allow_lazy(bytes.__new__, bytes)

    pass





class EscapeText(six.text_type, EscapeData):

    """

    A unicode string object that should be HTML-escaped when output.

    """

    __new__ = allow_lazy(six.text_type.__new__, six.text_type)

    pass



if six.PY3:

    EscapeString = EscapeText
@@ -48,8 +48,6 @@ class SafeBytes(bytes, SafeData): 
    A bytes subclass that has been specifically marked as "safe" (requires no

    further escaping) for HTML output purposes.

    """

    __new__ = allow_lazy(bytes.__new__, bytes)



    def __add__(self, rhs):

        """

        Concatenating a safe byte string with another safe byte string or safe
@@ -83,8 +81,6 @@ class SafeText(six.text_type, SafeData): 
    A unicode (Python 2) / str (Python 3) subclass that has been specifically

    marked as "safe" for HTML output purposes.

    """

    __new__ = allow_lazy(six.text_type.__new__, six.text_type)



    def __add__(self, rhs):

        """

        Concatenating a safe unicode string with another safe byte string or

tests/utils_tests/test_safestring.py

+6 −11
Original line number Diff line number Diff line
@@ -3,8 +3,8 @@ from __future__ import unicode_literals 
from django.template import Template, Context

from django.test import TestCase

from django.utils.encoding import force_text, force_bytes

from django.utils.functional import lazy, Promise

from django.utils.safestring import mark_safe, mark_for_escaping

from django.utils.functional import lazy

from django.utils.safestring import mark_safe, mark_for_escaping, SafeData, EscapeData

from django.utils import six

from django.utils import translation
@@ -28,8 +28,8 @@ class SafeStringTest(TestCase): 
        s = lazystr('a&b')

        b = lazybytes(b'a&b')



        self.assertIsInstance(mark_safe(s), Promise)

        self.assertIsInstance(mark_safe(b), Promise)

        self.assertIsInstance(mark_safe(s), SafeData)

        self.assertIsInstance(mark_safe(b), SafeData)

        self.assertRenderEqual('{{ s }}', 'a&b', s=mark_safe(s))



    def test_mark_for_escaping(self):
@@ -41,15 +41,10 @@ class SafeStringTest(TestCase): 
        s = lazystr('a&b')

        b = lazybytes(b'a&b')



        self.assertIsInstance(mark_for_escaping(s), Promise)

        self.assertIsInstance(mark_for_escaping(b), Promise)

        self.assertIsInstance(mark_for_escaping(s), EscapeData)

        self.assertIsInstance(mark_for_escaping(b), EscapeData)

        self.assertRenderEqual('{% autoescape off %}{{ s }}{% endautoescape %}', 'a&amp;b', s=mark_for_escaping(s))



    def test_regression_20296(self):

        s = mark_safe(translation.ugettext_lazy("username"))

        with translation.override('fr'):

            self.assertRenderEqual('{{ s }}', "nom d'utilisateur", s=s)



    def test_html(self):

        s = '<h1>interop</h1>'

        self.assertEqual(s, mark_safe(s).__html__())