[Django] #22294: length filter changes type of output to string if passed safe string

Django

Mar 20, 2014, 5:50:50 AM
to django-...@googlegroups.com
#22294: length filter changes type of output to string if passed safe string
---------------------------------+-------------------------
Reporter: steve.pike@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Template system | Version: 1.5
Severity: Normal | Keywords: filter safe
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 1 | UI/UX: 0
---------------------------------+-------------------------
If you do:

{{{
{% if some_string|length > 123 %}
Hurrah!
{% endif %}
}}}

what happens is what you expect to happen - the length of the string is
determined and compared to the integer given in the condition.

However if you do this:

{{{
{% if some_safe_string|length > 123 %}
Booo!
{% endif %}
}}}

Then the result is non-obvious, since passing a safe_string to length
results in the output also being marked safe and thus changed into a safe
*string*... on which you cannot do simple comparisons to integers in this
way... (see:
https://docs.djangoproject.com/en/dev/howto/custom-template-tags/#filters-and-auto-escaping
and
https://github.com/django/django/blob/master/django/template/defaultfilters.py#L581
)

This seems like a bug rather than a feature, but since the type of the
result of the length filter is not stated in the docs (
https://docs.djangoproject.com/en/1.5/ref/templates/builtins/#length )
this is really misleading.

--
Ticket URL: <https://code.djangoproject.com/ticket/22294>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Mar 20, 2014, 9:12:27 AM
to django-...@googlegroups.com
#22294: length filter changes type of output to string if passed safe string
--------------------------------------+------------------------------------
Reporter: steve.pike@… | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Template system | Version: master
Severity: Normal | Resolution:
Keywords: filter safe | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by bmispelon):

* needs_better_patch: => 0
* needs_tests: => 0
* version: 1.5 => master
* needs_docs: => 0
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted


Comment:

Hi,

I agree that this behavior is not obvious and could lead to hard-to-debug
issues.

I don't really see a reason why `length` needs `is_safe=True`, since it
should normally return either integers, or an empty string in case of an
error.

In fact, making this change doesn't seem to break any existing test, which
is a good sign.

--
Ticket URL: <https://code.djangoproject.com/ticket/22294#comment:1>
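
Added example, not part of the ticket thread and not Django's own code: a simplified Python model of the behaviour reported above, where a filter registered with `is_safe=True` has its result re-marked safe, and so turned into a string, whenever its input was a safe string. `SafeString`, `mark_safe`, `apply_filter` and `longer_than` are stand-ins written for this illustration, and treating a failed str/int comparison as false is an assumption of the model.

```python
# Simplified model of the behaviour discussed in ticket #22294; not Django's source.


class SafeString(str):
    """Stand-in for a safe string: a str flagged as needing no further escaping."""


def mark_safe(value):
    """Model of the coercion the ticket describes: a non-string result
    becomes a safe *string*, losing its original type."""
    if isinstance(value, SafeString):
        return value
    return SafeString(str(value))


def length(value):
    """Filter body: an integer, or an empty string on error (per comment 1)."""
    try:
        return len(value)
    except (ValueError, TypeError):
        return ""


def apply_filter(func, value, is_safe):
    """Hypothetical helper: run a filter, then re-mark the result safe when the
    filter is registered with is_safe=True and its input was a safe string."""
    result = func(value)
    if is_safe and isinstance(value, SafeString):
        result = mark_safe(result)
    return result


def longer_than(value, limit):
    """Model of `{% if value > limit %}`. On Python 3 a str/int comparison
    raises TypeError; counting that as false is an assumption of this model."""
    try:
        return value > limit
    except TypeError:
        return False


# Constructed sample input: 200 characters, once plain and once marked safe.
plain = "x" * 200
safe = SafeString("x" * 200)

for label, value, flag in [("plain, is_safe=True", plain, True),
                           ("safe,  is_safe=True", safe, True),
                           ("safe,  is_safe=False", safe, False)]:
    out = apply_filter(length, value, flag)
    print(label, "->", repr(out), type(out).__name__, longer_than(out, 123))
```

The safe flag only describes escaping, and an integer has nothing to escape, which is why dropping `is_safe=True` from `length` keeps the comparison working without changing what gets escaped.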

Django

Mar 22, 2014, 11:42:18 AM
to django-...@googlegroups.com
#22294: length filter changes type of output to string if passed safe string
--------------------------------------+------------------------------------
Reporter: steve.pike@… | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Template system | Version: master
Severity: Normal | Resolution: fixed
Keywords: filter safe | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Claude Paroz <claude@…>):

* status: new => closed
* resolution: => fixed


Comment:

In [changeset:"bc315266c86f371ab04d05c43383775267e8595a"]:
{{{
#!CommitTicketReference repository=""
revision="bc315266c86f371ab04d05c43383775267e8595a"
Fixed #22294 -- Prevented converting length filter output to string

Thanks Steve Pike for the report.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/22294#comment:2>
