mirror of
				https://github.com/django/django.git
				synced 2025-10-24 22:26:08 +00:00 
			
		
		
		
	Fixed #11377: the template join filter now correctly escapes the joiner, too.
Thanks, Stephen Kelly. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -11,9 +11,10 @@ except ImportError: | ||||
| from django.template import Variable, Library | ||||
| from django.conf import settings | ||||
| from django.utils import formats | ||||
| from django.utils.translation import ugettext, ungettext | ||||
| from django.utils.encoding import force_unicode, iri_to_uri | ||||
| from django.utils.html import conditional_escape | ||||
| from django.utils.safestring import mark_safe, SafeData | ||||
| from django.utils.translation import ugettext, ungettext | ||||
|  | ||||
| register = Library() | ||||
|  | ||||
| @@ -496,10 +497,9 @@ def join(value, arg, autoescape=None): | ||||
|     """ | ||||
|     value = map(force_unicode, value) | ||||
|     if autoescape: | ||||
|         from django.utils.html import conditional_escape | ||||
|         value = [conditional_escape(v) for v in value] | ||||
|     try: | ||||
|         data = arg.join(value) | ||||
|         data = conditional_escape(arg).join(value) | ||||
|     except AttributeError: # fail silently but nicely | ||||
|         return value | ||||
|     return mark_safe(data) | ||||
|   | ||||
| @@ -328,6 +328,11 @@ def get_filter_tests(): | ||||
|         'join03': (r'{{ a|join:" & " }}', {'a': ['alpha', 'beta & me']}, 'alpha & beta & me'), | ||||
|         'join04': (r'{% autoescape off %}{{ a|join:" & " }}{% endautoescape %}', {'a': ['alpha', 'beta & me']}, 'alpha & beta & me'), | ||||
|  | ||||
|         # Test that joining with unsafe joiners don't result in unsafe strings (#11377) | ||||
|         'join05': (r'{{ a|join:var }}', {'a': ['alpha', 'beta & me'], 'var': ' & '}, 'alpha & beta & me'),  | ||||
|         'join06': (r'{{ a|join:var }}', {'a': ['alpha', 'beta & me'], 'var': mark_safe(' & ')}, 'alpha & beta & me'),  | ||||
|         'join07': (r'{{ a|join:var|lower }}', {'a': ['Alpha', 'Beta & me'], 'var': ' & ' }, 'alpha & beta & me'),  | ||||
|         'join08': (r'{{ a|join:var|lower }}', {'a': ['Alpha', 'Beta & me'], 'var': mark_safe(' & ')}, 'alpha & beta & me'),  | ||||
|          | ||||
|         'date01': (r'{{ d|date:"m" }}', {'d': datetime(2008, 1, 1)}, '01'), | ||||
|         'date02': (r'{{ d|date }}', {'d': datetime(2008, 1, 1)}, 'Jan. 1, 2008'), | ||||
|   | ||||
		Reference in New Issue
	
	Block a user