From 2bd9d54b2762c991e11950c22c88c0336158d49b Mon Sep 17 00:00:00 2001 From: Simon Willison Date: Sun, 23 May 2021 18:41:50 -0700 Subject: [PATCH] Fix Jinja warnings, closes #1338, refs #1331 --- datasette/app.py | 5 ++--- datasette/views/database.py | 10 +++++----- datasette/views/table.py | 24 +++++++++++++----------- docs/plugin_hooks.rst | 8 ++++---- tests/plugins/my_plugin_2.py | 8 ++++---- 5 files changed, 28 insertions(+), 27 deletions(-) diff --git a/datasette/app.py b/datasette/app.py index ee816426..e284995a 100644 --- a/datasette/app.py +++ b/datasette/app.py @@ -19,9 +19,8 @@ import urllib.parse from concurrent import futures from pathlib import Path -from markupsafe import Markup +from markupsafe import Markup, escape from itsdangerous import URLSafeSerializer -import jinja2 from jinja2 import ChoiceLoader, Environment, FileSystemLoader, PrefixLoader, escape from jinja2.environment import Template from jinja2.exceptions import TemplateNotFound @@ -864,7 +863,7 @@ class Datasette: } if request and request.args.get("_context") and self.setting("template_debug"): return "
{}
".format( - jinja2.escape(json.dumps(template_context, default=repr, indent=4)) + escape(json.dumps(template_context, default=repr, indent=4)) ) return await template.render_async(template_context) diff --git a/datasette/views/database.py b/datasette/views/database.py index 0c58a351..96b2ca91 100644 --- a/datasette/views/database.py +++ b/datasette/views/database.py @@ -1,8 +1,8 @@ import os import hashlib import itertools -import jinja2 import json +from markupsafe import Markup, escape from urllib.parse import parse_qsl, urlencode from datasette.utils import ( @@ -354,11 +354,11 @@ class QueryView(DataView): display_value = plugin_value else: if value in ("", None): - display_value = jinja2.Markup(" ") + display_value = Markup(" ") elif is_url(str(display_value).strip()): - display_value = jinja2.Markup( + display_value = Markup( '{url}'.format( - url=jinja2.escape(value.strip()) + url=escape(value.strip()) ) ) elif isinstance(display_value, bytes): @@ -372,7 +372,7 @@ class QueryView(DataView): ).hexdigest(), }, ) - display_value = jinja2.Markup( + display_value = Markup( '<Binary: {} byte{}>'.format( blob_url, len(display_value), diff --git a/datasette/views/table.py b/datasette/views/table.py index 48792284..8007377a 100644 --- a/datasette/views/table.py +++ b/datasette/views/table.py @@ -2,7 +2,7 @@ import urllib import itertools import json -import jinja2 +import markupsafe from datasette.plugins import pm from datasette.database import QueryInterrupted @@ -135,12 +135,12 @@ class RowTableShared(DataView): "value_type": "pk", "is_special_link_column": is_special_link_column, "raw": pk_path, - "value": jinja2.Markup( + "value": markupsafe.Markup( '{flat_pks}'.format( base_url=base_url, database=database, table=urllib.parse.quote_plus(table), - flat_pks=str(jinja2.escape(pk_path)), + flat_pks=str(markupsafe.escape(pk_path)), flat_pks_quoted=path_from_row_pks(row, pks, not pks), ) ), @@ -166,7 +166,7 @@ class RowTableShared(DataView): if plugin_display_value is not None: display_value = plugin_display_value elif isinstance(value, bytes): - display_value = jinja2.Markup( + display_value = markupsafe.Markup( '<Binary: {} byte{}>'.format( self.ds.urls.row_blob( database, @@ -187,22 +187,22 @@ class RowTableShared(DataView): link_template = ( LINK_WITH_LABEL if (label != value) else LINK_WITH_VALUE ) - display_value = jinja2.Markup( + display_value = markupsafe.Markup( link_template.format( database=database, base_url=base_url, table=urllib.parse.quote_plus(other_table), link_id=urllib.parse.quote_plus(str(value)), - id=str(jinja2.escape(value)), - label=str(jinja2.escape(label)) or "-", + id=str(markupsafe.escape(value)), + label=str(markupsafe.escape(label)) or "-", ) ) elif value in ("", None): - display_value = jinja2.Markup(" ") + display_value = markupsafe.Markup(" ") elif is_url(str(value).strip()): - display_value = jinja2.Markup( + display_value = markupsafe.Markup( '{url}'.format( - url=jinja2.escape(value.strip()) + url=markupsafe.escape(value.strip()) ) ) elif column in table_metadata.get("units", {}) and value != "": @@ -212,7 +212,9 @@ class RowTableShared(DataView): # representation, which we have to round off to avoid ugliness. In the vast # majority of cases this rounding will be inconsequential. I hope. value = round(value.to_compact(), 6) - display_value = jinja2.Markup(f"{value:~P}".replace(" ", " ")) + display_value = markupsafe.Markup( + f"{value:~P}".replace(" ", " ") + ) else: display_value = str(value) if truncate_cells and len(display_value) > truncate_cells: diff --git a/docs/plugin_hooks.rst b/docs/plugin_hooks.rst index 7a1645ec..688eaa61 100644 --- a/docs/plugin_hooks.rst +++ b/docs/plugin_hooks.rst @@ -389,7 +389,7 @@ If the value matches that pattern, the plugin returns an HTML link element: .. code-block:: python from datasette import hookimpl - import jinja2 + import markupsafe import json @@ -415,9 +415,9 @@ If the value matches that pattern, the plugin returns an HTML link element: or href.startswith("https://") ): return None - return jinja2.Markup('{label}'.format( - href=jinja2.escape(data["href"]), - label=jinja2.escape(data["label"] or "") or " " + return markupsafe.Markup('{label}'.format( + href=markupsafe.escape(data["href"]), + label=markupsafe.escape(data["label"] or "") or " " )) Examples: `datasette-render-binary `_, `datasette-render-markdown `__, `datasette-json-html `__ diff --git a/tests/plugins/my_plugin_2.py b/tests/plugins/my_plugin_2.py index 6cd222e6..f3b794cf 100644 --- a/tests/plugins/my_plugin_2.py +++ b/tests/plugins/my_plugin_2.py @@ -1,6 +1,6 @@ from datasette import hookimpl from functools import wraps -import jinja2 +import markupsafe import json @@ -38,11 +38,11 @@ def render_cell(value, database): or href.startswith("https://") ): return None - return jinja2.Markup( + return markupsafe.Markup( '{label}'.format( database=database, - href=jinja2.escape(data["href"]), - label=jinja2.escape(data["label"] or "") or " ", + href=markupsafe.escape(data["href"]), + label=markupsafe.escape(data["label"] or "") or " ", ) )