Fixed #11377: the template join filter now correctly escapes the joiner, too.

Thanks, Stephen Kelly.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13464 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/template/defaultfilters.py

@@ -11,9 +11,10 @@ except ImportError:
 from django.template import Variable, Library
 from django.conf import settings
 from django.utils import formats
-from django.utils.translation import ugettext, ungettext
 from django.utils.encoding import force_unicode, iri_to_uri
+from django.utils.html import conditional_escape
 from django.utils.safestring import mark_safe, SafeData
+from django.utils.translation import ugettext, ungettext
 
 register = Library()
 
@@ -496,10 +497,9 @@ def join(value, arg, autoescape=None):
     """
     value = map(force_unicode, value)
     if autoescape:
-        from django.utils.html import conditional_escape
         value = [conditional_escape(v) for v in value]
     try:
-        data = arg.join(value)
+        data = conditional_escape(arg).join(value)
     except AttributeError: # fail silently but nicely
         return value
     return mark_safe(data)