Merge 'issue_67' into development: closing issue #67 (cgi.escape(quote=True))

Double quotes are now escaped, by default (when markupsafe is not available).

Merge 'issue_67' into development: closing issue #67 (cgi.escape(quote=True))
Double quotes are now escaped, by default (when markupsafe is not available).
2c4cc815 · Chris Jerdonek · 0aabea24 · 4e9f0064 · 2c4cc815 · 2c4cc815
Commit 2c4cc815 authored Dec 25, 2011 by Chris Jerdonek
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 7 deletions

pystache/renderer.py
+10 -5

tests/test_renderer.py
+6 -2

No files found.
--- a/pystache/renderer.py
+++ b/pystache/renderer.py
@@ -92,8 +92,13 @@ class Renderer(object):
            default_encoding = sys.getdefaultencoding()

        if escape is None:
-            # TODO: use 'quote=True' with cgi.escape and add tests.
-            escape = markupsafe.escape if markupsafe else cgi.escape
+            if markupsafe:
+                escape = markupsafe.escape
+            else:
+                # The quote=True argument causes double quotes to be escaped,
+                # but not single quotes:
+                #   http://docs.python.org/library/cgi.html#cgi.escape
+                escape = lambda s: cgi.escape(s, quote=True)

        if loader is None:
            loader = Loader(encoding=default_encoding, decode_errors=decode_errors)
@@ -108,7 +113,7 @@ class Renderer(object):

    def _to_unicode_soft(self, s):
        """
-        Convert an str or unicode string to a unicode string (or subclass).
+        Convert a basestring to unicode, preserving any unicode subclass.

        """
        # Avoid the "double-decoding" TypeError.
@@ -116,14 +121,14 @@ class Renderer(object):

    def _to_unicode_hard(self, s):
        """
-        Convert an str or unicode string to a unicode string (not subclass).
+        Convert a basestring to a string with type unicode (not subclass).

        """
        return unicode(self._to_unicode_soft(s))

    def _escape_to_unicode(self, s):
        """
-        Convert an str or unicode string to unicode, and escape it.
+        Convert a basestring to unicode (preserving any unicode subclass), and escape it.

        Returns a unicode string (not subclass).


--- a/tests/test_renderer.py
+++ b/tests/test_renderer.py
@@ -97,8 +97,12 @@ class RendererTestCase(unittest.TestCase):
        self.assertEquals(bool(markupsafe), self._was_markupsafe_imported())

    def test_init__escape__default_without_markupsafe(self):
-        renderer = Renderer()
-        self.assertEquals(renderer.escape(">'"), "&gt;'")
+        escape = Renderer().escape
+
+        self.assertEquals(escape(">"), "&gt;")
+        self.assertEquals(escape('"'), "&quot;")
+        # Single quotes are not escaped.
+        self.assertEquals(escape("'"), "'")

    def test_init__escape__default_with_markupsafe(self):
        if not self._was_markupsafe_imported():