mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Fixed #20296 -- Prevented mark_safe() from evaluating lazy objects.
This commit is contained in:
		
				
					committed by
					
						 Mariusz Felisiak
						Mariusz Felisiak
					
				
			
			
				
	
			
			
			
						parent
						
							b626c5a979
						
					
				
				
					commit
					659d2421c7
				
			| @@ -7,6 +7,8 @@ be interpreted by the HTML engine (e.g. '<') into the appropriate entities. | |||||||
|  |  | ||||||
| from functools import wraps | from functools import wraps | ||||||
|  |  | ||||||
|  | from django.utils.functional import keep_lazy | ||||||
|  |  | ||||||
|  |  | ||||||
| class SafeData: | class SafeData: | ||||||
|     __slots__ = () |     __slots__ = () | ||||||
| @@ -53,6 +55,7 @@ def _safety_decorator(safety_marker, func): | |||||||
|     return wrapped |     return wrapped | ||||||
|  |  | ||||||
|  |  | ||||||
|  | @keep_lazy(SafeString) | ||||||
| def mark_safe(s): | def mark_safe(s): | ||||||
|     """ |     """ | ||||||
|     Explicitly mark a string as safe for (HTML) output purposes. The returned |     Explicitly mark a string as safe for (HTML) output purposes. The returned | ||||||
|   | |||||||
| @@ -312,6 +312,8 @@ Utilities | |||||||
|  |  | ||||||
| * ``SimpleLazyObject`` now supports addition operations. | * ``SimpleLazyObject`` now supports addition operations. | ||||||
|  |  | ||||||
|  | * :func:`~django.utils.safestring.mark_safe` now preserves lazy objects. | ||||||
|  |  | ||||||
| Validators | Validators | ||||||
| ~~~~~~~~~~ | ~~~~~~~~~~ | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,8 +1,9 @@ | |||||||
| from django.template import Context, Template | from django.template import Context, Template | ||||||
| from django.test import SimpleTestCase | from django.test import SimpleTestCase | ||||||
| from django.utils import html | from django.utils import html, translation | ||||||
| from django.utils.functional import lazy, lazystr | from django.utils.functional import Promise, lazy, lazystr | ||||||
| from django.utils.safestring import SafeData, SafeString, mark_safe | from django.utils.safestring import SafeData, SafeString, mark_safe | ||||||
|  | from django.utils.translation import gettext_lazy | ||||||
|  |  | ||||||
|  |  | ||||||
| class customescape(str): | class customescape(str): | ||||||
| @@ -40,10 +41,17 @@ class SafeStringTest(SimpleTestCase): | |||||||
|         self.assertRenderEqual("{{ s|force_escape }}", "<a&b>", s=s) |         self.assertRenderEqual("{{ s|force_escape }}", "<a&b>", s=s) | ||||||
|  |  | ||||||
|     def test_mark_safe_lazy(self): |     def test_mark_safe_lazy(self): | ||||||
|         s = lazystr("a&b") |         safe_s = mark_safe(lazystr("a&b")) | ||||||
|  |  | ||||||
|         self.assertIsInstance(mark_safe(s), SafeData) |         self.assertIsInstance(safe_s, Promise) | ||||||
|         self.assertRenderEqual("{{ s }}", "a&b", s=mark_safe(s)) |         self.assertRenderEqual("{{ s }}", "a&b", s=safe_s) | ||||||
|  |         self.assertIsInstance(str(safe_s), SafeData) | ||||||
|  |  | ||||||
|  |     def test_mark_safe_lazy_i18n(self): | ||||||
|  |         s = mark_safe(gettext_lazy("name")) | ||||||
|  |         tpl = Template("{{ s }}") | ||||||
|  |         with translation.override("fr"): | ||||||
|  |             self.assertEqual(tpl.render(Context({"s": s})), "nom") | ||||||
|  |  | ||||||
|     def test_mark_safe_object_implementing_dunder_str(self): |     def test_mark_safe_object_implementing_dunder_str(self): | ||||||
|         class Obj: |         class Obj: | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user