Fixed #29412 -- Stopped marking slugify() result as HTML safe.

b004bd62 · Claude Paroz · Tim Graham · 861638a3 · b004bd62 · b004bd62
Kaydet (Commit) b004bd62 authored Tem 14, 2018 tarafından Claude Paroz Kaydeden (comit) Tim Graham Tem 20, 2018
Showing with 10 additions and 11 deletions

text.py django/utils/text.py +3 -6

2.2.txt docs/releases/2.2.txt +3 -0

test_safestring.py tests/utils_tests/test_safestring.py +1 -5

test_text.py tests/utils_tests/test_text.py +3 -0

No files found.
--- a/django/utils/text.py
+++ b/django/utils/text.py
@@ -4,10 +4,7 @@ import unicodedata
 from gzip import GzipFile
 from io import BytesIO

-from django.utils.functional import (
-    SimpleLazyObject, keep_lazy, keep_lazy_text, lazy,
-)
-from django.utils.safestring import SafeText, mark_safe
+from django.utils.functional import SimpleLazyObject, keep_lazy_text, lazy
 from django.utils.translation import gettext as _, gettext_lazy, pgettext


@@ -399,7 +396,7 @@ def unescape_string_literal(s):
    return s[1:-1].replace(r'\%s' % quote, quote).replace(r'\\', '\\')


-@keep_lazy(str, SafeText)
+@keep_lazy_text
 def slugify(value, allow_unicode=False):
    """
    Convert to ASCII if 'allow_unicode' is False. Convert spaces to hyphens.
@@ -412,7 +409,7 @@ def slugify(value, allow_unicode=False):
    else:
        value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore').decode('ascii')
    value = re.sub(r'[^\w\s-]', '', value).strip().lower()
-    return mark_safe(re.sub(r'[-\s]+', '-', value))
+    return re.sub(r'[-\s]+', '-', value)


 def camel_case_to_spaces(value):

--- a/docs/releases/2.2.txt
+++ b/docs/releases/2.2.txt
@@ -244,6 +244,9 @@ Miscellaneous
 * For consistency with WSGI servers, the test client now sets the
  ``Content-Length`` header to a string rather than an integer.

+* The return value of :func:`django.utils.text.slugify` is no longer marked as
+  HTML safe.
+
 .. _deprecated-features-2.2:

 Features deprecated in 2.2

--- a/tests/utils_tests/test_safestring.py
+++ b/tests/utils_tests/test_safestring.py
 from django.template import Context, Template
 from django.test import SimpleTestCase
-from django.utils import html, text
+from django.utils import html
 from django.utils.functional import lazy, lazystr
 from django.utils.safestring import SafeData, mark_safe

@@ -69,10 +69,6 @@ class SafeStringTest(SimpleTestCase):
        s += mark_safe('&b')
        self.assertRenderEqual('{{ s }}', 'a&b', s=s)

-        s = text.slugify(lazystr('a'))
-        s += mark_safe('&b')
-        self.assertRenderEqual('{{ s }}', 'a&b', s=s)
-
    def test_mark_safe_as_decorator(self):
        """
        mark_safe used as a decorator leaves the result of a function

--- a/tests/utils_tests/test_text.py
+++ b/tests/utils_tests/test_text.py
 import json
+import sys

 from django.test import SimpleTestCase
 from django.utils import text
@@ -179,6 +180,8 @@ class TestUtilsText(SimpleTestCase):
        )
        for value, output, is_unicode in items:
            self.assertEqual(text.slugify(value, allow_unicode=is_unicode), output)
+        # interning the result may be useful, e.g. when fed to Path.
+        self.assertEqual(sys.intern(text.slugify('a')), 'a')

    def test_unescape_entities(self):
        items = [