Problem: autoescape not getting passed to urlize_quoted_links filter (#6191)

dkliban · carltongibson · commit dd19a44583e3 · 2018-10-10T10:36:04.000+02:00
Solution: set needs_autoescape=True when registering the filter

Without this patch, the disabling autoescape in the template does not work.
diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
@@ -314,7 +314,7 @@ def smart_urlquote_wrapper(matched_url):
         return None
 
 
-@register.filter
+@register.filter(needs_autoescape=True)
 def urlize_quoted_links(text, trim_url_limit=None, nofollow=True, autoescape=True):
     """
     Converts any URLs in text into clickable links.
diff --git a/tests/test_templatetags.py b/tests/test_templatetags.py
@@ -3,6 +3,7 @@
 
 import unittest
 
+from django.template import Context, Template
 from django.test import TestCase
 
 from rest_framework.compat import coreapi, coreschema
@@ -304,6 +305,16 @@ def test_json_with_url(self):
             '&quot;foo_set&quot;: [\n    &quot;<a href="http://api/foos/1/">http://api/foos/1/</a>&quot;\n], '
         self._urlize_dict_check(data)
 
+    def test_template_render_with_noautoescape(self):
+        """
+        Test if the autoescape value is getting passed to urlize_quoted_links filter.
+        """
+        template = Template("{% load rest_framework %}"
+                            "{% autoescape off %}{{ content|urlize_quoted_links }}"
+                            "{% endautoescape %}")
+        rendered = template.render(Context({'content': '"http://example.com"'}))
+        assert rendered == '"<a href="http://example.com" rel="nofollow">http://example.com</a>"'
+
 
 @unittest.skipUnless(coreapi, 'coreapi is not installed')
 class SchemaLinksTests(TestCase):
