From 367867845f443583045326a098af5781e2099817 Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Wed, 19 Dec 2007 04:20:02 +0000 Subject: [PATCH] Fixed #6239 -- Fixed an auto-escaping problem with urlizetrunc. Thanks, SmileyChris. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6950 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/template/defaultfilters.py | 6 ++++-- tests/regressiontests/templates/filters.py | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py index 2f211dadb5..5cee0ab244 100644 --- a/django/template/defaultfilters.py +++ b/django/template/defaultfilters.py @@ -254,7 +254,7 @@ urlize.is_safe=True urlize.needs_autoescape = True urlize = stringfilter(urlize) -def urlizetrunc(value, limit): +def urlizetrunc(value, limit, autoescape=None): """ Converts URLs into clickable links, truncating URLs to the given character limit, and adding 'rel=nofollow' attribute to discourage spamming. @@ -262,8 +262,10 @@ def urlizetrunc(value, limit): Argument: Length to truncate URLs to. """ from django.utils.html import urlize - return mark_safe(urlize(value, trim_url_limit=int(limit), nofollow=True)) + return mark_safe(urlize(value, trim_url_limit=int(limit), nofollow=True, + autoescape=autoescape)) urlizetrunc.is_safe = True +urlizetrunc.needs_autoescape = True urlizetrunc = stringfilter(urlizetrunc) def wordcount(value): diff --git a/tests/regressiontests/templates/filters.py b/tests/regressiontests/templates/filters.py index 4175bdbe5f..f38b2cdef1 100644 --- a/tests/regressiontests/templates/filters.py +++ b/tests/regressiontests/templates/filters.py @@ -108,8 +108,8 @@ def get_filter_tests(): 'filter-urlize05': ('{% autoescape off %}{{ a|urlize }}{% endautoescape %}', {"a": ""}, ""), 'filter-urlize06': ('{{ a|urlize }}', {"a": ""}, '<script>alert('foo')</script>'), - 'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": "http://example.com/x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'http:... http:...'), - 'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": "http://example.com/x=&y=", "b": mark_safe("http://example.com?x=&y=")}, u'http:... http:...'), + 'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('"Safe" http://example.com?x=&y=')}, u'"Unsafe" http:... "Safe" http:...'), + 'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('"Safe" http://example.com?x=&y=')}, u'"Unsafe" http:... "Safe" http:...'), 'filter-wordcount01': ('{% autoescape off %}{{ a|wordcount }} {{ b|wordcount }}{% endautoescape %}', {"a": "a & b", "b": mark_safe("a & b")}, "3 3"), 'filter-wordcount02': ('{{ a|wordcount }} {{ b|wordcount }}', {"a": "a & b", "b": mark_safe("a & b")}, "3 3"),