<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=""> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>django.utils.safestring — Django 1.8.19 documentation</title> <link rel="stylesheet" href="../../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../../', VERSION: '1.8.19', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../../../_static/jquery.js"></script> <script type="text/javascript" src="../../../_static/underscore.js"></script> <script type="text/javascript" src="../../../_static/doctools.js"></script> <link rel="index" title="Index" href="../../../genindex.html" /> <link rel="search" title="Search" href="../../../search.html" /> <link rel="top" title="Django 1.8.19 documentation" href="../../../contents.html" /> <link rel="up" title="django" href="../../django.html" /> <script type="text/javascript" src="../../../templatebuiltins.js"></script> <script type="text/javascript"> (function($) { if (!django_template_builtins) { // templatebuiltins.js missing, do nothing. return; } $(document).ready(function() { // Hyperlink Django template tags and filters var base = "../../../ref/templates/builtins.html"; if (base == "#") { // Special case for builtins.html itself base = ""; } // Tags are keywords, class '.k' $("div.highlight\\-html\\+django span.k").each(function(i, elem) { var tagname = $(elem).text(); if ($.inArray(tagname, django_template_builtins.ttags) != -1) { var fragment = tagname.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>"); } }); // Filters are functions, class '.nf' $("div.highlight\\-html\\+django span.nf").each(function(i, elem) { var filtername = $(elem).text(); if ($.inArray(filtername, django_template_builtins.tfilters) != -1) { var fragment = filtername.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>"); } }); }); })(jQuery); </script> </head> <body role="document"> <div class="document"> <div id="custom-doc" class="yui-t6"> <div id="hd"> <h1><a href="../../../index.html">Django 1.8.19 documentation</a></h1> <div id="global-nav"> <a title="Home page" href="../../../index.html">Home</a> | <a title="Table of contents" href="../../../contents.html">Table of contents</a> | <a title="Global index" href="../../../genindex.html">Index</a> | <a title="Module index" href="../../../py-modindex.html">Modules</a> </div> <div class="nav"> <a href="../../index.html" title="Module code" accesskey="U">up</a></div> </div> <div id="bd"> <div id="yui-main"> <div class="yui-b"> <div class="yui-g" id="_modules-django-utils-safestring"> <h1>Source code for django.utils.safestring</h1><div class="highlight"><pre> <span></span><span class="sd">"""</span> <span class="sd">Functions for working with "safe strings": strings that can be displayed safely</span> <span class="sd">without further escaping in HTML. Marking something as a "safe string" means</span> <span class="sd">that the producer of the string has already turned characters that should not</span> <span class="sd">be interpreted by the HTML engine (e.g. '<') into the appropriate entities.</span> <span class="sd">"""</span> <span class="kn">from</span> <span class="nn">django.utils</span> <span class="k">import</span> <span class="n">six</span> <span class="kn">from</span> <span class="nn">django.utils.functional</span> <span class="k">import</span> <span class="n">Promise</span><span class="p">,</span> <span class="n">curry</span> <span class="k">class</span> <span class="nc">EscapeData</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">EscapeBytes</span><span class="p">(</span><span class="nb">bytes</span><span class="p">,</span> <span class="n">EscapeData</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> A byte string that should be HTML-escaped when output.</span> <span class="sd"> """</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">EscapeText</span><span class="p">(</span><span class="n">six</span><span class="o">.</span><span class="n">text_type</span><span class="p">,</span> <span class="n">EscapeData</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> A unicode string object that should be HTML-escaped when output.</span> <span class="sd"> """</span> <span class="k">pass</span> <span class="k">if</span> <span class="n">six</span><span class="o">.</span><span class="n">PY3</span><span class="p">:</span> <span class="n">EscapeString</span> <span class="o">=</span> <span class="n">EscapeText</span> <span class="k">else</span><span class="p">:</span> <span class="n">EscapeString</span> <span class="o">=</span> <span class="n">EscapeBytes</span> <span class="c1"># backwards compatibility for Python 2</span> <span class="n">EscapeUnicode</span> <span class="o">=</span> <span class="n">EscapeText</span> <span class="k">class</span> <span class="nc">SafeData</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__html__</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Returns the html representation of a string for interoperability.</span> <span class="sd"> This allows other template engines to understand Django's SafeData.</span> <span class="sd"> """</span> <span class="k">return</span> <span class="bp">self</span> <div class="viewcode-block" id="SafeBytes"><a class="viewcode-back" href="../../../ref/utils.html#django.utils.safestring.SafeBytes">[docs]</a><span class="k">class</span> <span class="nc">SafeBytes</span><span class="p">(</span><span class="nb">bytes</span><span class="p">,</span> <span class="n">SafeData</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> A bytes subclass that has been specifically marked as "safe" (requires no</span> <span class="sd"> further escaping) for HTML output purposes.</span> <span class="sd"> """</span> <span class="k">def</span> <span class="nf">__add__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">rhs</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Concatenating a safe byte string with another safe byte string or safe</span> <span class="sd"> unicode string is safe. Otherwise, the result is no longer safe.</span> <span class="sd"> """</span> <span class="n">t</span> <span class="o">=</span> <span class="nb">super</span><span class="p">(</span><span class="n">SafeBytes</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">__add__</span><span class="p">(</span><span class="n">rhs</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">rhs</span><span class="p">,</span> <span class="n">SafeText</span><span class="p">):</span> <span class="k">return</span> <span class="n">SafeText</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="k">elif</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">rhs</span><span class="p">,</span> <span class="n">SafeBytes</span><span class="p">):</span> <span class="k">return</span> <span class="n">SafeBytes</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="k">return</span> <span class="n">t</span> <span class="k">def</span> <span class="nf">_proxy_method</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Wrap a call to a normal unicode method up so that we return safe</span> <span class="sd"> results. The method that is being wrapped is passed in the 'method'</span> <span class="sd"> argument.</span> <span class="sd"> """</span> <span class="n">method</span> <span class="o">=</span> <span class="n">kwargs</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s1">'method'</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">method</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="nb">bytes</span><span class="p">):</span> <span class="k">return</span> <span class="n">SafeBytes</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">SafeText</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">decode</span> <span class="o">=</span> <span class="n">curry</span><span class="p">(</span><span class="n">_proxy_method</span><span class="p">,</span> <span class="n">method</span><span class="o">=</span><span class="nb">bytes</span><span class="o">.</span><span class="n">decode</span><span class="p">)</span></div> <div class="viewcode-block" id="SafeText"><a class="viewcode-back" href="../../../ref/utils.html#django.utils.safestring.SafeText">[docs]</a><span class="k">class</span> <span class="nc">SafeText</span><span class="p">(</span><span class="n">six</span><span class="o">.</span><span class="n">text_type</span><span class="p">,</span> <span class="n">SafeData</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> A unicode (Python 2) / str (Python 3) subclass that has been specifically</span> <span class="sd"> marked as "safe" for HTML output purposes.</span> <span class="sd"> """</span> <span class="k">def</span> <span class="nf">__add__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">rhs</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Concatenating a safe unicode string with another safe byte string or</span> <span class="sd"> safe unicode string is safe. Otherwise, the result is no longer safe.</span> <span class="sd"> """</span> <span class="n">t</span> <span class="o">=</span> <span class="nb">super</span><span class="p">(</span><span class="n">SafeText</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">__add__</span><span class="p">(</span><span class="n">rhs</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">rhs</span><span class="p">,</span> <span class="n">SafeData</span><span class="p">):</span> <span class="k">return</span> <span class="n">SafeText</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="k">return</span> <span class="n">t</span> <span class="k">def</span> <span class="nf">_proxy_method</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Wrap a call to a normal unicode method up so that we return safe</span> <span class="sd"> results. The method that is being wrapped is passed in the 'method'</span> <span class="sd"> argument.</span> <span class="sd"> """</span> <span class="n">method</span> <span class="o">=</span> <span class="n">kwargs</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s1">'method'</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">method</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="nb">bytes</span><span class="p">):</span> <span class="k">return</span> <span class="n">SafeBytes</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">SafeText</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">encode</span> <span class="o">=</span> <span class="n">curry</span><span class="p">(</span><span class="n">_proxy_method</span><span class="p">,</span> <span class="n">method</span><span class="o">=</span><span class="n">six</span><span class="o">.</span><span class="n">text_type</span><span class="o">.</span><span class="n">encode</span><span class="p">)</span></div> <span class="k">if</span> <span class="n">six</span><span class="o">.</span><span class="n">PY3</span><span class="p">:</span> <span class="n">SafeString</span> <span class="o">=</span> <span class="n">SafeText</span> <span class="k">else</span><span class="p">:</span> <span class="n">SafeString</span> <span class="o">=</span> <span class="n">SafeBytes</span> <span class="c1"># backwards compatibility for Python 2</span> <span class="n">SafeUnicode</span> <span class="o">=</span> <span class="n">SafeText</span> <div class="viewcode-block" id="mark_safe"><a class="viewcode-back" href="../../../ref/utils.html#django.utils.safestring.mark_safe">[docs]</a><span class="k">def</span> <span class="nf">mark_safe</span><span class="p">(</span><span class="n">s</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Explicitly mark a string as safe for (HTML) output purposes. The returned</span> <span class="sd"> object can be used everywhere a string or unicode object is appropriate.</span> <span class="sd"> Can be called multiple times on a single string.</span> <span class="sd"> """</span> <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="s1">'__html__'</span><span class="p">):</span> <span class="k">return</span> <span class="n">s</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="nb">bytes</span><span class="p">)</span> <span class="ow">or</span> <span class="p">(</span><span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">Promise</span><span class="p">)</span> <span class="ow">and</span> <span class="n">s</span><span class="o">.</span><span class="n">_delegate_bytes</span><span class="p">):</span> <span class="k">return</span> <span class="n">SafeBytes</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="p">(</span><span class="n">six</span><span class="o">.</span><span class="n">text_type</span><span class="p">,</span> <span class="n">Promise</span><span class="p">)):</span> <span class="k">return</span> <span class="n">SafeText</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="k">return</span> <span class="n">SafeString</span><span class="p">(</span><span class="nb">str</span><span class="p">(</span><span class="n">s</span><span class="p">))</span></div> <div class="viewcode-block" id="mark_for_escaping"><a class="viewcode-back" href="../../../ref/utils.html#django.utils.safestring.mark_for_escaping">[docs]</a><span class="k">def</span> <span class="nf">mark_for_escaping</span><span class="p">(</span><span class="n">s</span><span class="p">):</span> <span class="sd">"""</span> <span class="sd"> Explicitly mark a string as requiring HTML escaping upon output. Has no</span> <span class="sd"> effect on SafeData subclasses.</span> <span class="sd"> Can be called multiple times on a single string (the resulting escaping is</span> <span class="sd"> only applied once).</span> <span class="sd"> """</span> <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="s1">'__html__'</span><span class="p">)</span> <span class="ow">or</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">EscapeData</span><span class="p">):</span> <span class="k">return</span> <span class="n">s</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="nb">bytes</span><span class="p">)</span> <span class="ow">or</span> <span class="p">(</span><span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">Promise</span><span class="p">)</span> <span class="ow">and</span> <span class="n">s</span><span class="o">.</span><span class="n">_delegate_bytes</span><span class="p">):</span> <span class="k">return</span> <span class="n">EscapeBytes</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="p">(</span><span class="n">six</span><span class="o">.</span><span class="n">text_type</span><span class="p">,</span> <span class="n">Promise</span><span class="p">)):</span> <span class="k">return</span> <span class="n">EscapeText</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="k">return</span> <span class="n">EscapeString</span><span class="p">(</span><span class="nb">str</span><span class="p">(</span><span class="n">s</span><span class="p">))</span></div> </pre></div> </div> </div> </div> <div class="yui-b" id="sidebar"> <div class="sphinxsidebar" role="navigation" aria-label="main navigation"> <div class="sphinxsidebarwrapper"> <h3>Browse</h3> <ul> </ul> <h3>You are here:</h3> <ul> <li> <a href="../../../index.html">Django 1.8.19 documentation</a> <ul><li><a href="../../index.html">Module code</a> <ul><li><a href="../../django.html">django</a> <ul><li>django.utils.safestring</li></ul> </li></ul></li></ul> </li> </ul> <div id="searchbox" style="display: none" role="search"> <h3>Quick search</h3> <form class="search" action="../../../search.html" method="get"> <div><input type="text" name="q" /></div> <div><input type="submit" value="Go" /></div> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <h3>Last update:</h3> <p class="topless">Mar 10, 2018</p> </div> </div> <div id="ft"> <div class="nav"> <a href="../../index.html" title="Module code" accesskey="U">up</a></div> </div> </div> <div class="clearer"></div> </div> </body> </html>