From 8864d2478946506db22d2d2d37585f55536fb358 Mon Sep 17 00:00:00 2001 From: Baptiste Mispelon Date: Wed, 5 Feb 2014 05:16:39 +0100 Subject: [PATCH] [1.6.x] Revert "Fixed #20296 -- Allowed SafeData and EscapeData to be lazy" This reverts commit 2ee447fb5f8974b432d3dd421af9a242215aea44. That commit introduced a regression (#21882) and didn't really do what it was supposed to: while it did delay the evaluation of lazy objects passed to mark_safe(), they weren't actually marked as such so they could end up being escaped twice. Refs #21882. Backport of a878bf9b093bf15d751b070d132fec52a7523a47 from master. --- django/utils/safestring.py | 10 +++------- tests/utils_tests/test_safestring.py | 18 ++++++------------ 2 files changed, 9 insertions(+), 19 deletions(-) diff --git a/django/utils/safestring.py b/django/utils/safestring.py index 3774012d32..07e0bf4cea 100644 --- a/django/utils/safestring.py +++ b/django/utils/safestring.py @@ -4,7 +4,7 @@ without further escaping in HTML. Marking something as a "safe string" means that the producer of the string has already turned characters that should not be interpreted by the HTML engine (e.g. '<') into the appropriate entities. """ -from django.utils.functional import curry, Promise, allow_lazy +from django.utils.functional import curry, Promise from django.utils import six class EscapeData(object): @@ -14,13 +14,13 @@ class EscapeBytes(bytes, EscapeData): """ A byte string that should be HTML-escaped when output. """ - __new__ = allow_lazy(bytes.__new__, bytes) + pass class EscapeText(six.text_type, EscapeData): """ A unicode string object that should be HTML-escaped when output. """ - __new__ = allow_lazy(six.text_type.__new__, six.text_type) + pass if six.PY3: EscapeString = EscapeText @@ -37,8 +37,6 @@ class SafeBytes(bytes, SafeData): A bytes subclass that has been specifically marked as "safe" (requires no further escaping) for HTML output purposes. """ - __new__ = allow_lazy(bytes.__new__, bytes) - def __add__(self, rhs): """ Concatenating a safe byte string with another safe byte string or safe @@ -71,8 +69,6 @@ class SafeText(six.text_type, SafeData): A unicode (Python 2) / str (Python 3) subclass that has been specifically marked as "safe" for HTML output purposes. """ - __new__ = allow_lazy(six.text_type.__new__, six.text_type) - def __add__(self, rhs): """ Concatenating a safe unicode string with another safe byte string or diff --git a/tests/utils_tests/test_safestring.py b/tests/utils_tests/test_safestring.py index a6f0c0a01c..3953f82362 100644 --- a/tests/utils_tests/test_safestring.py +++ b/tests/utils_tests/test_safestring.py @@ -4,9 +4,8 @@ from __future__ import absolute_import, unicode_literals from django.template import Template, Context from django.test import TestCase from django.utils.encoding import force_text, force_bytes -from django.utils.functional import lazy, Promise -from django.utils.html import escape, conditional_escape -from django.utils.safestring import mark_safe, mark_for_escaping +from django.utils.functional import lazy +from django.utils.safestring import mark_safe, mark_for_escaping, SafeData, EscapeData from django.utils import six from django.utils import translation @@ -30,8 +29,8 @@ class SafeStringTest(TestCase): s = lazystr('a&b') b = lazybytes(b'a&b') - self.assertIsInstance(mark_safe(s), Promise) - self.assertIsInstance(mark_safe(b), Promise) + self.assertIsInstance(mark_safe(s), SafeData) + self.assertIsInstance(mark_safe(b), SafeData) self.assertRenderEqual('{{ s }}', 'a&b', s=mark_safe(s)) def test_mark_for_escaping(self): @@ -43,11 +42,6 @@ class SafeStringTest(TestCase): s = lazystr('a&b') b = lazybytes(b'a&b') - self.assertIsInstance(mark_for_escaping(s), Promise) - self.assertIsInstance(mark_for_escaping(b), Promise) + self.assertIsInstance(mark_for_escaping(s), EscapeData) + self.assertIsInstance(mark_for_escaping(b), EscapeData) self.assertRenderEqual('{% autoescape off %}{{ s }}{% endautoescape %}', 'a&b', s=mark_for_escaping(s)) - - def test_regression_20296(self): - s = mark_safe(translation.ugettext_lazy("username")) - with translation.override('fr'): - self.assertRenderEqual('{{ s }}', "nom d'utilisateur", s=s)