Merge pull request #13842 from netchampfaris/safe-render-off

fix: ability to disable safe_render for template pages
2021-08-12 11:54:32 +00:00 · 2021-08-12 11:54:32 +00:00 · 3dc9dfe0c7
commit 3dc9dfe0c7
parent 1015283731 7a34c542c1
4 changed files with 29 additions and 1 deletions
--- a/frappe/tests/test_website.py
+++ b/frappe/tests/test_website.py
@ -280,6 +280,16 @@ class TestWebsite(unittest.TestCase):

 		frappe.flags.force_website_cache = False

+	def test_safe_render(self):
+		content = get_response_content('/_test/_test_safe_render_on')
+		self.assertNotIn("Safe Render On", content)
+		self.assertIn("frappe.exceptions.ValidationError: Illegal template", content)
+
+		content = get_response_content('/_test/_test_safe_render_off')
+		self.assertIn("Safe Render Off", content)
+		self.assertIn("test.__test", content)
+		self.assertNotIn("frappe.exceptions.ValidationError: Illegal template", content)
+

 def set_home_page_hook(key, value):
 	from frappe import hooks
--- a/frappe/website/page_renderers/template_page.py
+++ b/frappe/website/page_renderers/template_page.py
@ -204,7 +204,12 @@ class TemplatePage(BaseTemplatePage):
 		if self.template_path.endswith('min.js'):
 			html = self.source # static
 		else:
-			html = frappe.render_template(self.source, self.context)
+			if self.context.safe_render is not None:
+				safe_render = self.context.safe_render
+			else:
+				safe_render = True
+
+			html = frappe.render_template(self.source, self.context, safe_render=safe_render)

 		return html

--- a/frappe/www/_test/_test_safe_render_off.html
+++ b/frappe/www/_test/_test_safe_render_off.html
@ -0,0 +1,7 @@
+---
+title: Safe Render Off
+safe_render: false
+---
+
+<div>{{ title }}</div>
+<div>test.__test</div>
--- a/frappe/www/_test/_test_safe_render_on.html
+++ b/frappe/www/_test/_test_safe_render_on.html
@ -0,0 +1,6 @@
+---
+title: Safe Render On
+---
+
+<div>{{ title }}</div>
+<div>test.__test</div>