maya-chen/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

deprecate markupsafe exports

Browse source
This commit is contained in:
David Lord 2023-02-23 08:55:01 -08:00
parent 1ee22e1736
commit 9c02f07f9b
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
8 changed files with 41 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/api.rst
View file

@ -217,10 +217,6 @@ Useful Functions and Classes
.. autofunction:: send_from_directory
.. autofunction:: escape
.. autoclass:: Markup
:members: escape, unescape, striptags
Message Flashing
----------------

2
docs/security.rst
View file

@ -23,7 +23,7 @@ in templates, but there are still other places where you have to be
careful:
- generating HTML without the help of Jinja2
- calling :class:`~flask.Markup` on data submitted by users
- calling :class:`~markupsafe.Markup` on data submitted by users
- sending out HTML from uploaded files, never do that, use the
``Content-Disposition: attachment`` header to prevent that problem.
- sending out textfiles from uploaded files. Some browsers are using

2
docs/templating.rst
View file

@ -115,7 +115,7 @@ markdown to HTML converter.
There are three ways to accomplish that:
- In the Python code, wrap the HTML string in a :class:`~flask.Markup`
- In the Python code, wrap the HTML string in a :class:`~markupsafe.Markup`
object before passing it to the template. This is in general the
recommended way.
- Inside the template, use the ``|safe`` filter to explicitly mark a