From: Armin Ronacher
Date: Sat, 7 Jan 2017 15:07:50 +0000 (+0100)
Subject: Added a more convenient autoescaping function
X-Git-Tag: 2.9~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0020a477dbd2b0b497d8bddb3423b7af747b5b48;p=thirdparty%2Fjinja.git
Added a more convenient autoescaping function
---
diff --git a/CHANGES b/CHANGES
index afc6f760..8b7489f9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -41,6 +41,8 @@ Version 2.9
 propagated the same way. The only remaining differences is the defaults for `with context` and `without context`.
 - The `with` and `autoescape` tags are now built-in.
+- Added the new `select_autoescape` function which helps configuring better
+ autoescaping easier.
 Version 2.8.2
 -------------
diff --git a/jinja2/__init__.py b/jinja2/__init__.py
index cefd0d6b..33724bfd 100644
--- a/jinja2/__init__.py
+++ b/jinja2/__init__.py
@@ -55,7 +55,7 @@ from jinja2.filters import environmentfilter, contextfilter, \
 evalcontextfilter
 from jinja2.utils import Markup, escape, clear_caches, \
 environmentfunction, evalcontextfunction, contextfunction, \
- is_undefined
+ is_undefined, select_autoescape
 __all__ = [
 'Environment', 'Template', 'BaseLoader', 'FileSystemLoader',
@@ -67,6 +67,7 @@ __all__ = [
 'ModuleLoader', 'environmentfilter', 'contextfilter', 'Markup', 'escape', 'environmentfunction', 'contextfunction', 'clear_caches', 'is_undefined', 'evalcontextfilter', 'evalcontextfunction', 'make_logging_undefined',
+ 'select_autoescape',
 ]
diff --git a/jinja2/utils.py b/jinja2/utils.py
index 38e5edb2..9bab1434 100644
--- a/jinja2/utils.py
+++ b/jinja2/utils.py
@@ -488,6 +488,55 @@ except ImportError:
 pass
+def select_autoescape(enabled_extensions=('html', 'htm', 'xml'),
+ disabled_extensions=(),
+ default_for_string=True,
+ default=False):
+ """Intelligently sets the initial value of autoescaping based on the
+ filename of the template. This is the recommended way to configure
+ autoescaping if you do not want to write a custom function yourself.
+
+ If you want to enable it for all templates created from strings or
+ for all templates with `.html` and `.xml` extensions::
+
+ from jinja2 import Environment, select_autoescape
+ env = Environment(autoescape=select_autoescape(
+ enabled_extensions=('html', 'xml'),
+ default_for_string=True,
+ ))
+
+ Example configuration to turn it on at all times except if the template
+ ends with `.txt`::
+
+ from jinja2 import Environment, select_autoescape
+ env = Environment(autoescape=select_autoescape(
+ disabled_extensions=('txt',),
+ default_for_string=True,
+ default=True,
+ ))
+
+ The `enabled_extensions` is an iterable of all the extensions that
+ autoescaping should be enabled for. Likewise `disabled_extensions` is
+ a list of all templates it should be disabled for. If a template is
+ loaded from a string then the default from `default_for_string` is used.
+ If nothing matches then the initial value of autoescaping is set to the
+ value of `default`.
+
+ .. versionadded:: 2.9
+ """
+ enabled_patterns = tuple('.' + x.lstrip('.') for x in enabled_extensions)
+ disabled_patterns = tuple('.' + x.lstrip('.') for x in disabled_extensions)
+ def autoescape(template_name):
+ if template_name is None:
+ return default_for_string
+ if template_name.endswith(enabled_patterns):
+ return True
+ if template_name.endswith(disabled_patterns):
+ return False
+ return default
+ return autoescape
+
+
 def htmlsafe_json_dumps(obj, dumper=None, **kwargs):
 """Works exactly like :func:`dumps` but is safe for use in ``
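Review bot: The suffix checks in the inner `autoescape` are case-sensitive, so a template named `page.HTML` matches neither tuple and falls through to `default`, which is `False` unless the caller changed it; escaping is then silently off for a file that is plainly HTML. Normalising both sides closes that gap: build the patterns with `'.' + x.lstrip('.').lower()` and add `template_name = template_name.lower()` after the `None` check. Separately, a bare string such as `enabled_extensions='html'` is iterated character by character and yields the patterns `.h`, `.t`, `.m`, `.l`, so the docstring should say a tuple or list is required, or the function should reject `str`. The docstring could also state that `enabled_patterns` is tested before `disabled_patterns`, so an extension listed in both is escaped.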