2022-01-24 04:07:52 +00:00
|
|
|
import typing as t
|
2019-12-10 20:09:51 +00:00
|
|
|
|
|
|
|
from . import Markup
|
|
|
|
|
|
|
|
|
2022-01-24 04:07:52 +00:00
|
|
|
def escape(s: t.Any) -> Markup:
|
2019-12-10 20:09:51 +00:00
|
|
|
"""Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
|
|
|
|
the string with HTML-safe sequences. Use this if you need to display
|
|
|
|
text that might contain such characters in HTML.
|
|
|
|
|
|
|
|
If the object has an ``__html__`` method, it is called and the
|
|
|
|
return value is assumed to already be safe for HTML.
|
|
|
|
|
|
|
|
:param s: An object to be converted to a string and escaped.
|
|
|
|
:return: A :class:`Markup` string with the escaped text.
|
|
|
|
"""
|
|
|
|
if hasattr(s, "__html__"):
|
|
|
|
return Markup(s.__html__())
|
2022-01-24 04:07:52 +00:00
|
|
|
|
2019-12-10 20:09:51 +00:00
|
|
|
return Markup(
|
2022-01-24 04:07:52 +00:00
|
|
|
str(s)
|
2019-12-10 20:09:51 +00:00
|
|
|
.replace("&", "&")
|
|
|
|
.replace(">", ">")
|
|
|
|
.replace("<", "<")
|
|
|
|
.replace("'", "'")
|
|
|
|
.replace('"', """)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-01-24 04:07:52 +00:00
|
|
|
def escape_silent(s: t.Optional[t.Any]) -> Markup:
|
2019-12-10 20:09:51 +00:00
|
|
|
"""Like :func:`escape` but treats ``None`` as the empty string.
|
|
|
|
Useful with optional values, as otherwise you get the string
|
|
|
|
``'None'`` when the value is ``None``.
|
|
|
|
|
|
|
|
>>> escape(None)
|
|
|
|
Markup('None')
|
|
|
|
>>> escape_silent(None)
|
|
|
|
Markup('')
|
|
|
|
"""
|
|
|
|
if s is None:
|
|
|
|
return Markup()
|
2022-01-24 04:07:52 +00:00
|
|
|
|
2019-12-10 20:09:51 +00:00
|
|
|
return escape(s)
|
|
|
|
|
|
|
|
|
2022-01-24 04:07:52 +00:00
|
|
|
def soft_str(s: t.Any) -> str:
|
2019-12-10 20:09:51 +00:00
|
|
|
"""Convert an object to a string if it isn't already. This preserves
|
|
|
|
a :class:`Markup` string rather than converting it back to a basic
|
|
|
|
string, so it will still be marked as safe and won't be escaped
|
|
|
|
again.
|
|
|
|
|
2022-01-24 04:07:52 +00:00
|
|
|
>>> value = escape("<User 1>")
|
2019-12-10 20:09:51 +00:00
|
|
|
>>> value
|
|
|
|
Markup('<User 1>')
|
|
|
|
>>> escape(str(value))
|
|
|
|
Markup('&lt;User 1&gt;')
|
2022-01-24 04:07:52 +00:00
|
|
|
>>> escape(soft_str(value))
|
2019-12-10 20:09:51 +00:00
|
|
|
Markup('<User 1>')
|
|
|
|
"""
|
2022-01-24 04:07:52 +00:00
|
|
|
if not isinstance(s, str):
|
|
|
|
return str(s)
|
|
|
|
|
2019-12-10 20:09:51 +00:00
|
|
|
return s
|
2022-01-24 04:07:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
def soft_unicode(s: t.Any) -> str:
|
|
|
|
import warnings
|
|
|
|
|
|
|
|
warnings.warn(
|
|
|
|
"'soft_unicode' has been renamed to 'soft_str'. The old name"
|
|
|
|
" will be removed in MarkupSafe 2.1.",
|
|
|
|
DeprecationWarning,
|
|
|
|
stacklevel=2,
|
|
|
|
)
|
|
|
|
return soft_str(s)
|