1
0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00

Fixed #29412 -- Stopped marking slugify() result as HTML safe.

This commit is contained in:
Claude Paroz
2018-07-14 10:38:18 +02:00
committed by Tim Graham
parent 861638a307
commit b004bd62e8
4 changed files with 10 additions and 11 deletions

View File

@@ -4,10 +4,7 @@ import unicodedata
from gzip import GzipFile
from io import BytesIO
from django.utils.functional import (
SimpleLazyObject, keep_lazy, keep_lazy_text, lazy,
)
from django.utils.safestring import SafeText, mark_safe
from django.utils.functional import SimpleLazyObject, keep_lazy_text, lazy
from django.utils.translation import gettext as _, gettext_lazy, pgettext
@@ -399,7 +396,7 @@ def unescape_string_literal(s):
return s[1:-1].replace(r'\%s' % quote, quote).replace(r'\\', '\\')
@keep_lazy(str, SafeText)
@keep_lazy_text
def slugify(value, allow_unicode=False):
"""
Convert to ASCII if 'allow_unicode' is False. Convert spaces to hyphens.
@@ -412,7 +409,7 @@ def slugify(value, allow_unicode=False):
else:
value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore').decode('ascii')
value = re.sub(r'[^\w\s-]', '', value).strip().lower()
return mark_safe(re.sub(r'[-\s]+', '-', value))
return re.sub(r'[-\s]+', '-', value)
def camel_case_to_spaces(value):

View File

@@ -244,6 +244,9 @@ Miscellaneous
* For consistency with WSGI servers, the test client now sets the
``Content-Length`` header to a string rather than an integer.
* The return value of :func:`django.utils.text.slugify` is no longer marked as
HTML safe.
.. _deprecated-features-2.2:
Features deprecated in 2.2

View File

@@ -1,6 +1,6 @@
from django.template import Context, Template
from django.test import SimpleTestCase
from django.utils import html, text
from django.utils import html
from django.utils.functional import lazy, lazystr
from django.utils.safestring import SafeData, mark_safe
@@ -69,10 +69,6 @@ class SafeStringTest(SimpleTestCase):
s += mark_safe('&b')
self.assertRenderEqual('{{ s }}', 'a&b', s=s)
s = text.slugify(lazystr('a'))
s += mark_safe('&b')
self.assertRenderEqual('{{ s }}', 'a&b', s=s)
def test_mark_safe_as_decorator(self):
"""
mark_safe used as a decorator leaves the result of a function

View File

@@ -1,4 +1,5 @@
import json
import sys
from django.test import SimpleTestCase
from django.utils import text
@@ -179,6 +180,8 @@ class TestUtilsText(SimpleTestCase):
)
for value, output, is_unicode in items:
self.assertEqual(text.slugify(value, allow_unicode=is_unicode), output)
# interning the result may be useful, e.g. when fed to Path.
self.assertEqual(sys.intern(text.slugify('a')), 'a')
def test_unescape_entities(self):
items = [