Hi,

Sorry I'm late to this thread. I've been working hard on i18n.

Luke Plant wrote:
> Logically I would expect the following 3 to produce the same output:
> 
> 1) I use mark_safe on my safe input string and use addslashes to add
> the slashes
> 
> Template("{{ val|addslashes }}").render(
> Context({'val': mark_safe("Joe's string")},
> autoescape=rtfescape)
> )
> 
> 2) I don't use mark_safe on my safe input string and use addslashes to
> add the slashes
> 
> Template("{{ val|addslashes }}").render(
> Context({'val': "Joe's string"},
> autoescape=rtfescape)
> )
> 
> 3) I manually 'apply' addslashes.
> 
> Template("{{ val }}").render(
> Context({'val': "Joe\\'s string"},
> autoescape=rtfescape)
> )
> 
> But these do not produce the same output - 1 is different from 2 and 3,
> and is not what I intend.
> 

Just for clarity could you say what the three outputs would be?

1) Joe\'s string
2) Joe\\'s string
3) Joe\\'s string 

?

I would say that you would need to be aware of the escaping rules of the 
markup you are templating when writing your template, just like you need to 
be aware of HTML escaping rules when you do any of these:

1)

Template("{{ val|force_escape }}").render(
   Context({'val': mark_safe("This & that")})
)

2)

Template("{{ val|force_escape }}").render(
   Context({'val': "This & that"})
)

3)

Template("{{ val }}").render(
   Context({'val': "This & that"})
)

If you don't have knowledge of the escaping rules, and base the filters you 
use on that knowledge, you're in the same situation.

Flipped around, though, the |upper filter is not safe (in HTML and in 
Django), so that would mean that 

Template("{{ val|upper }}").render(
Context({'val': mark_safe("Joe\\'s string")},
autoescape=rtfescape)
)

would unexpectedly escape Joe's string to "JOE\\\\'S STRING", even though 
upper is not unsafe in RTF.

That means that the safe-ness or not of each filter is determined by the 
template markup being prepared.

So I see your point, and I see why it adds unwanted mess to Django. I just 
thought I'd give more points of information. I'll probably even remove the 
feature from Grantlee when I can, so thanks for the discussion.

All the best,

Steve.
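
The behaviour discussed in this message, as an added example that is not part of the original email and is not Django or Grantlee code: a minimal model of autoescaping with a pluggable escaper and per-filter safe-ness flags. `SafeStr`, `render`, the `FILTERS` table and the body of `rtfescape` are assumptions made for illustration.

```python
# Minimal model (not Django itself) of autoescaping with a pluggable escaper.

class SafeStr(str):
    """A string already escaped for the output markup (models mark_safe)."""

def rtfescape(s):
    # Assumed RTF escaper: backslash and braces are the special characters.
    return s.replace("\\", "\\\\").replace("{", "\\{").replace("}", "\\}")

def htmlescape(s):
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def addslashes(s):
    return s.replace("\\", "\\\\").replace('"', '\\"').replace("'", "\\'")

# name -> (function, is_safe). is_safe=True means "safe input stays safe".
# The flags are fixed per filter and were chosen with HTML in mind.
FILTERS = {"addslashes": (addslashes, True), "upper": (str.upper, False)}

def render(value, filters=(), autoescape=htmlescape):
    """Model of {{ value|f1|f2 }}: run filters, then escape unless still safe."""
    for name in filters:
        func, is_safe = FILTERS[name]
        was_safe = isinstance(value, SafeStr)
        value = func(str(value))          # filters return plain strings
        if was_safe and is_safe:
            value = SafeStr(value)        # safe-ness preserved by this filter
    return value if isinstance(value, SafeStr) else autoescape(value)

if __name__ == "__main__":
    # Constructed inputs matching the cases in the thread.
    print(render(SafeStr("Joe's string"), ["addslashes"], rtfescape))
    print(render("Joe's string", ["addslashes"], rtfescape))
    print(render("Joe\\'s string", [], rtfescape))
    print(render(SafeStr("Joe\\'s string"), ["upper"], rtfescape))
    # Why upper is flagged unsafe for HTML: it corrupts an existing entity.
    print(render(SafeStr("This &amp; that"), ["upper"], htmlescape))
```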

