Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why use is_safe?

Tags:

python

django

I'm reading Django documentation on custom filter.

and.. I don't see the reason of the existence of is_safe. https://docs.djangoproject.com/en/1.3/howto/custom-template-tags/#filters-and-auto-escaping

when I coded some examples and then tried them, the result were always same whether is_safe is True or False.

Why do you use is_safe?

Here is my code

extra_tags.py

from django.template.defaultfilters import stringfilter
from django import template
import datetime
register = template.Library()

@register.filter(name='custom_lower')        
@stringfilter
def lower(value):
    is_safe = True
    return '%sxx'%value
lower.is_safe = True;

from django.utils.html import conditional_escape
from django.utils.safestring import mark_safe

@register.filter(name='custom_lf')
def initial_letter_filter(text, autoescape=None):
    first, other = text[0], text[1:]
    if autoescape:
        esc = conditional_escape
    else:
        esc = lambda x: x
    result = '<strong>%s</strong>%s' % (esc(first), esc(other))
    return mark_safe(result)
initial_letter_filter.is_safe = False
initial_letter_filter.needs_autoescape = True

my point is that whether I code is_safe=True or is_safe=False, the result will be auto-escaped characters.. and I don't see why we use is_safe.

like image 973
Anderson Avatar asked Dec 22 '22 08:12

Anderson

1 Answers

Using is_safe together with mark_safe() is redundant, which is probably why you don't see any differences.

As noted in the section you linked to, down where it talks about mark_safe():

There's no need to worry about the is_safe attribute in this case (although including it wouldn't hurt anything). Whenever you manually handle the auto-escaping issues and return a safe string, the is_safe attribute won't change anything either way.

is_safe is simply a way to automatically mark the return value of a function as safe, given that all of the external inputs were already safe. Django will still autoescape anything that was an input, but it won't try to escape the other parts which were added afterwards by your function.

mark_safe(), on the other hand, certifies that the output is safe regardless of whether the inputs were safe - it's a much stronger requirement that you have to fulfill if you're going to use it.

like image 144
Amber Avatar answered Dec 31 '22 21:12

Amber
Sign in to Comment

Related questions

Tuples, checking for a letter in a string
python should I use generator for this case?
does Python for windows ever insert '\r\n' when told to insert '\n'?
Sorting sub-lists into new sub-lists based on common first items
How to properly install Python on OSX for use with OpenCV?
Python wrapper for libfprint
Python: are objects more memory-hungry than dictionaries?
How to define a python string (quasi-)constant that has dynamic inputs?
Nested for loops in Python compared to map function
How to find relatedness in Wordnet using Python
Need an easy way to remove duplicates of nested tuples in python
What is the easiest way of deleting all my blobstore data?
How to access the specific locations of an integer list in Python?
make dictionary from csv file columns
"ImportError: No module named" error doesn't seem to be related to my code
what's the difference between two Python imports
Matrix multiplication for sparse matrices in Python
Multiple Python Processes slow
Matplotlib: align origin of right axis with specific left axis value
Automated alignment of "tabular" Python code [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!