#34574: Extend docs for `autoescape` and `escape` with examples using filters that operate with sequences
-------------------------------------------+------------------------
               Reporter:  Natalia Bidart   |          Owner:  nobody
                   Type:  Uncategorized    |         Status:  new
              Component:  Template system  |        Version:  4.2
               Severity:  Normal           |       Keywords:
           Triage Stage:  Unreviewed       |      Has patch:  0
    Needs documentation:  0                |    Needs tests:  0
Patch needs improvement:  0                |  Easy pickings:  0
                  UI/UX:  0                |
-------------------------------------------+------------------------
 Following a recent report, it has come to our attention that the docs for
 `autoescape` and `escape` could be improved by explicitly mentioning how
 those interact with the results of applying (chaining) filters that would
 mark their result as safe (like those that operate with sequences). For
 example, in this code:

 {{{
 {% autoescape off %}
 {{ some_list|join:","|escape }}
 {% endautoescape %}
 }}}

 the string resulting from the concatenation of `some_list` items would not
 be escaped. The reason is that `join` returns a string marked as safe (but
 since it was executed in the context of `autoescape` being off, each
 individual item is not escaped), and the `escape` docs mention the
 following (but they could use an example to make the point more obvious):

 {{{
 Applying escape to a variable that would normally have auto-escaping
 applied to the result will only result in one round of escaping being
 done.
 }}}

 Similarly, the `safe` docs also refer to the above (but again,
 explicitness could go a long way here):

 {{{
 If you are chaining filters, a filter applied after safe can make the
 contents unsafe again. For example, the following code prints the variable
 as is, unescaped:

 {{ var|safe|escape }}
 }}}

 which is analogous to what is happening in the first code snippet: `join`
 is marking the result as safe, so the chained `|escape` does nothing.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34574>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
