Add .svg to select_jinja_autoescape

This commit is contained in:
Jonah Lawrence 2022-10-07 15:45:18 +00:00 committed by GitHub
parent 3dc6db9d0c
commit f87623f8d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 2 deletions

View file

@ -9,6 +9,8 @@ Version 2.2.3
Unreleased
- Autoescaping is now enabled by default for ``.svg`` files. Inside
templates this behavior can be changed with the ``autoescape`` tag.
Version 2.2.2
-------------

View file

@ -436,6 +436,11 @@ Here is a basic introduction to how the :class:`~markupsafe.Markup` class works:
>>> Markup('<em>Marked up</em> &raquo; HTML').striptags()
'Marked up » HTML'
.. versionchanged:: 2.2
In addition to the extensions below, templates with the ``.svg`` extension
are also autoescaped.
.. versionchanged:: 0.5
Autoescaping is no longer enabled for all templates. The following

View file

@ -18,7 +18,7 @@ Jinja Setup
Unless customized, Jinja2 is configured by Flask as follows:
- autoescaping is enabled for all templates ending in ``.html``,
``.htm``, ``.xml`` as well as ``.xhtml`` when using
``.htm``, ``.xml``, ``.xhtml``, as well as ``.svg`` when using
:func:`~flask.templating.render_template`.
- autoescaping is enabled for all strings when using
:func:`~flask.templating.render_template_string`.

View file

@ -961,11 +961,14 @@ class Flask(Scaffold):
"""Returns ``True`` if autoescaping should be active for the given
template name. If no template name is given, returns `True`.
.. versionchanged:: 2.2
Autoescaping is now enabled by default for ``.svg`` files.
.. versionadded:: 0.5
"""
if filename is None:
return True
return filename.endswith((".html", ".htm", ".xml", ".xhtml"))
return filename.endswith((".html", ".htm", ".xml", ".xhtml", ".svg"))
def update_template_context(self, context: dict) -> None:
"""Update the template context with some commonly used variables.