Fixed #29412 -- Stopped marking slugify() result as HTML safe.

DEUCE1957 · Jul 20, 2018 · b004bd6 · b004bd6
1 parent 861638a
commit b004bd6
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 11 deletions.
diff --git a/django/utils/text.py b/django/utils/text.py
@@ -4,10 +4,7 @@
 from gzip import GzipFile
 from io import BytesIO
 
-from django.utils.functional import (
-    SimpleLazyObject, keep_lazy, keep_lazy_text, lazy,
-)
-from django.utils.safestring import SafeText, mark_safe
+from django.utils.functional import SimpleLazyObject, keep_lazy_text, lazy
 from django.utils.translation import gettext as _, gettext_lazy, pgettext
 
 
@@ -399,7 +396,7 @@ def unescape_string_literal(s):
     return s[1:-1].replace(r'\%s' % quote, quote).replace(r'\\', '\\')
 
 
-@keep_lazy(str, SafeText)
+@keep_lazy_text
 def slugify(value, allow_unicode=False):
     """
     Convert to ASCII if 'allow_unicode' is False. Convert spaces to hyphens.
@@ -412,7 +409,7 @@ def slugify(value, allow_unicode=False):
     else:
         value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore').decode('ascii')
     value = re.sub(r'[^\w\s-]', '', value).strip().lower()
-    return mark_safe(re.sub(r'[-\s]+', '-', value))
+    return re.sub(r'[-\s]+', '-', value)
 
 
 def camel_case_to_spaces(value):

diff --git a/docs/releases/2.2.txt b/docs/releases/2.2.txt
@@ -244,6 +244,9 @@ Miscellaneous
 * For consistency with WSGI servers, the test client now sets the
   ``Content-Length`` header to a string rather than an integer.
 
+* The return value of :func:`django.utils.text.slugify` is no longer marked as
+  HTML safe.
+
 .. _deprecated-features-2.2:
 
 Features deprecated in 2.2

diff --git a/tests/utils_tests/test_safestring.py b/tests/utils_tests/test_safestring.py
@@ -1,6 +1,6 @@
 from django.template import Context, Template
 from django.test import SimpleTestCase
-from django.utils import html, text
+from django.utils import html
 from django.utils.functional import lazy, lazystr
 from django.utils.safestring import SafeData, mark_safe
 
@@ -69,10 +69,6 @@ def test_add_lazy_safe_text_and_safe_text(self):
         s += mark_safe('&b')
         self.assertRenderEqual('{{ s }}', 'a&b', s=s)
 
-        s = text.slugify(lazystr('a'))
-        s += mark_safe('&b')
-        self.assertRenderEqual('{{ s }}', 'a&b', s=s)
-
     def test_mark_safe_as_decorator(self):
         """
         mark_safe used as a decorator leaves the result of a function

diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py
@@ -1,4 +1,5 @@
 import json
+import sys
 
 from django.test import SimpleTestCase
 from django.utils import text
@@ -179,6 +180,8 @@ def test_slugify(self):
         )
         for value, output, is_unicode in items:
             self.assertEqual(text.slugify(value, allow_unicode=is_unicode), output)
+        # interning the result may be useful, e.g. when fed to Path.
+        self.assertEqual(sys.intern(text.slugify('a')), 'a')
 
     def test_unescape_entities(self):
         items = [