Fixed #29412 -- Stopped marking slugify() result as HTML safe.

django/utils/text.py

@@ -4,10 +4,7 @@ import unicodedata
 from gzip import GzipFile
 from io import BytesIO
 
-from django.utils.functional import (
+from django.utils.functional import SimpleLazyObject, keep_lazy_text, lazy
-    SimpleLazyObject, keep_lazy, keep_lazy_text, lazy,
-)
-from django.utils.safestring import SafeText, mark_safe
 from django.utils.translation import gettext as _, gettext_lazy, pgettext
 
 
@@ -399,7 +396,7 @@ def unescape_string_literal(s):
     return s[1:-1].replace(r'\%s' % quote, quote).replace(r'\\', '\\')
 
 
-@keep_lazy(str, SafeText)
+@keep_lazy_text
 def slugify(value, allow_unicode=False):
     """
     Convert to ASCII if 'allow_unicode' is False. Convert spaces to hyphens.
@@ -412,7 +409,7 @@ def slugify(value, allow_unicode=False):
     else:
         value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore').decode('ascii')
     value = re.sub(r'[^\w\s-]', '', value).strip().lower()
-    return mark_safe(re.sub(r'[-\s]+', '-', value))
+    return re.sub(r'[-\s]+', '-', value)
 
 
 def camel_case_to_spaces(value):

docs/releases/2.2.txt

@@ -244,6 +244,9 @@ Miscellaneous
 * For consistency with WSGI servers, the test client now sets the
   ``Content-Length`` header to a string rather than an integer.
 
+* The return value of :func:`django.utils.text.slugify` is no longer marked as
+  HTML safe.
+
 .. _deprecated-features-2.2:
 
 Features deprecated in 2.2

tests/utils_tests/test_safestring.py

@@ -1,6 +1,6 @@
 from django.template import Context, Template
 from django.test import SimpleTestCase
-from django.utils import html, text
+from django.utils import html
 from django.utils.functional import lazy, lazystr
 from django.utils.safestring import SafeData, mark_safe
 
@@ -69,10 +69,6 @@ class SafeStringTest(SimpleTestCase):
         s += mark_safe('&b')
         self.assertRenderEqual('{{ s }}', 'a&b', s=s)
 
-        s = text.slugify(lazystr('a'))
-        s += mark_safe('&b')
-        self.assertRenderEqual('{{ s }}', 'a&b', s=s)
-
     def test_mark_safe_as_decorator(self):
         """
         mark_safe used as a decorator leaves the result of a function

tests/utils_tests/test_text.py

@@ -1,4 +1,5 @@
 import json
+import sys
 
 from django.test import SimpleTestCase
 from django.utils import text
@@ -179,6 +180,8 @@ class TestUtilsText(SimpleTestCase):
         )
         for value, output, is_unicode in items:
             self.assertEqual(text.slugify(value, allow_unicode=is_unicode), output)
+        # interning the result may be useful, e.g. when fed to Path.
+        self.assertEqual(sys.intern(text.slugify('a')), 'a')
 
     def test_unescape_entities(self):
         items = [