mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	[1.0.X] Fixed #8966 -- Changed is_safe for length_is filter to False, since its return value is a boolean, not a string.
Thanks Thomas Steinacher, carljm, and SmileyChris. Backport of r9291 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@9292 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -476,7 +476,7 @@ length.is_safe = True | |||||||
| def length_is(value, arg): | def length_is(value, arg): | ||||||
|     """Returns a boolean of whether the value's length is the argument.""" |     """Returns a boolean of whether the value's length is the argument.""" | ||||||
|     return len(value) == int(arg) |     return len(value) == int(arg) | ||||||
| length_is.is_safe = True | length_is.is_safe = False | ||||||
|  |  | ||||||
| def random(value): | def random(value): | ||||||
|     """Returns a random item from the list.""" |     """Returns a random item from the list.""" | ||||||
|   | |||||||
| @@ -241,6 +241,12 @@ Template filter code falls into one of two situations: | |||||||
|        this tricky, but keep an eye out for any problems like that when |        this tricky, but keep an eye out for any problems like that when | ||||||
|        reviewing your code. |        reviewing your code. | ||||||
|  |  | ||||||
|  |        Marking a filter ``is_safe`` will coerce the filter's return value to | ||||||
|  |        a string.  If your filter should return a boolean or other non-string | ||||||
|  |        value, marking it ``is_safe`` will probably have unintended | ||||||
|  |        consequences (such as converting a boolean False to the string | ||||||
|  |        'False'). | ||||||
|  |  | ||||||
|     2. Alternatively, your filter code can manually take care of any necessary |     2. Alternatively, your filter code can manually take care of any necessary | ||||||
|        escaping. This is necessary when you're introducing new HTML markup into |        escaping. This is necessary when you're introducing new HTML markup into | ||||||
|        the result. You want to mark the output as safe from further |        the result. You want to mark the output as safe from further | ||||||
|   | |||||||
| @@ -277,5 +277,9 @@ def get_filter_tests(): | |||||||
|  |  | ||||||
|         'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), |         'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), | ||||||
|         'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), |         'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), | ||||||
|  |          | ||||||
|  |         # Boolean return value from length_is should not be coerced to a string | ||||||
|  |         'lengthis01': (r'{% if "X"|length_is:0 %}Length is 0{% else %}Length not 0{% endif %}', {}, 'Length not 0'), | ||||||
|  |         'lengthis02': (r'{% if "X"|length_is:1 %}Length is 1{% else %}Length not 1{% endif %}', {}, 'Length is 1'), | ||||||
|     } |     } | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user