mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Fixed #21316 -- Documented that modifying safe strings makes them unsafe.
Thanks dev@simon.net.nz for the suggestion and vijay_shanker for the patch.
This commit is contained in:
		| @@ -764,6 +764,17 @@ appropriate entities. | |||||||
|  |  | ||||||
|     Can be called multiple times on a single string. |     Can be called multiple times on a single string. | ||||||
|  |  | ||||||
|  |     String marked safe will become unsafe again if modified. For example:: | ||||||
|  |  | ||||||
|  |         >>> mystr = '<b>Hello World</b>   ' | ||||||
|  |         >>> mystr = mark_safe(mystr) | ||||||
|  |         >>> type(mystr) | ||||||
|  |         <class 'django.utils.safestring.SafeBytes'> | ||||||
|  |  | ||||||
|  |         >>> mystr = mystr.strip()  # removing whitespace | ||||||
|  |         >>> type(mystr) | ||||||
|  |         <type 'str'> | ||||||
|  |  | ||||||
| .. function:: mark_for_escaping(s) | .. function:: mark_for_escaping(s) | ||||||
|  |  | ||||||
|     Explicitly mark a string as requiring HTML escaping upon output. Has no |     Explicitly mark a string as requiring HTML escaping upon output. Has no | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user