maya-chen/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

use Jinja's tojson filter

Browse source
This commit is contained in:
David Lord 2021-02-01 22:41:49 -08:00
parent fdf5d11b51
commit b473e7c97c
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
7 changed files with 28 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/flask/app.py
View file

@ -681,7 +681,7 @@ class Flask(Scaffold):
session=session,
g=g,
)
rv.filters["tojson"] = json.tojson_filter
rv.policies["json.dumps_function"] = json.dumps
return rv
def create_global_jinja_loader(self):

26
src/flask/json/__init__.py
View file

@ -5,7 +5,7 @@ import warnings
from datetime import date
from datetime import datetime
from markupsafe import Markup
from jinja2.utils import htmlsafe_json_dumps as _jinja_htmlsafe_dumps
from werkzeug.http import http_date
from ..globals import current_app
@ -234,30 +234,28 @@ def load(fp, app=None, **kwargs):
return _json.load(fp, **kwargs)
_htmlsafe_map = str.maketrans(
{"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027"}
)
def htmlsafe_dumps(obj, **kwargs):
"""Serialize an object to a string of JSON, replacing HTML-unsafe
characters with Unicode escapes. Otherwise behaves the same as
:func:`dumps`.
"""Serialize an object to a string of JSON with :func:`dumps`, then
replace HTML-unsafe characters with Unicode escapes and mark the
result safe with :class:`~markupsafe.Markup`.
This is available in templates as the ``|tojson`` filter, which will
also mark the result with ``|safe``.
This is available in templates as the ``|tojson`` filter.
The returned string is safe to render in HTML documents and
``<script>`` tags. The exception is in HTML attributes that are
double quoted; either use single quotes or the ``|forceescape``
filter.
.. versionchanged:: 2.0
Uses :func:`jinja2.utils.htmlsafe_json_dumps`. The returned
value is marked safe by wrapping in :class:`~markupsafe.Markup`.
.. versionchanged:: 0.10
Single quotes are escaped, making this safe to use in HTML,
``<script>`` tags, and single-quoted attributes without further
escaping.
"""
return dumps(obj, **kwargs).translate(_htmlsafe_map)
return _jinja_htmlsafe_dumps(obj, dumps=dumps, **kwargs)
def htmlsafe_dump(obj, fp, **kwargs):
@ -335,7 +333,3 @@ def jsonify(*args, **kwargs):
f"{dumps(data, indent=indent, separators=separators)}\n",
mimetype=current_app.config["JSONIFY_MIMETYPE"],
)
def tojson_filter(obj, **kwargs):
return Markup(htmlsafe_dumps(obj, **kwargs))