This commit introduces several improvements to the template tags and filters used in Django Rest Framework (DRF). The enhancements focus on code readability, maintainability, efficiency, and security. Key changes include:
### Enhancements:
1. **Regex Precompilation:**
- Moved regular expression compilation outside of functions to avoid recompilation and improve performance.
2. **Simplified Add Class Function:**
- Refactored the `add_class` function for better readability and efficiency, ensuring that CSS classes are added accurately and safely.
3. **Modularized and Documented Code:**
- Broke down larger functions and added detailed comments and docstrings to explain the purpose and functionality of each tag and filter, improving code maintainability.
4. **Security Enhancements:**
- Ensured proper escaping of HTML and judicious use of `mark_safe` to prevent XSS attacks, particularly in functions dealing with user-generated content.
5. **Optimized Markdown Rendering:**
- Added conditional checks for the availability of the `apply_markdown` function and provided safe fallbacks, enhancing the robustness of markdown rendering.
6. **Improved Handling of Dynamic URLs and Headers:**
- Enhanced the logic for handling dynamic URLs and long headers, ensuring that URLs are quoted correctly and headers are broken safely to maintain readability.
### Detailed Changes:
- Precompiled regex patterns for class handling and URL validation.
- Simplified the `add_class` logic by reducing regex operations and ensuring accurate class insertion.
- Added docstrings and inline comments for better code understanding.
- Enhanced security by using `escape` and `mark_safe` appropriately.
- Improved the handling of markdown text rendering by checking for `apply_markdown` and using `mark_safe`.
- Refined the handling of pagination HTML and form rendering for better user experience.
- Optimized functions to ensure better performance and adherence to Django best practices.
These changes aim to enhance the overall functionality, readability, and security of the template tags and filters, contributing to a more robust and maintainable codebase for Django Rest Framework.
The header input is now properly escaped before splitting and joining with `<br>` tags. This prevents potential XSS attacks if the header contains unsanitized user input.
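The escape-then-join order described in the commit message above, as an added example that is not part of the commit or of DRF's code base: it uses the standard library's `html.escape` in place of Django's `escape`/`mark_safe`, and the function names, the 160-character threshold and the comma delimiter are assumptions made for illustration.

```python
import re
from html import escape

MAX_LEN = 160  # assumed threshold above which a header is broken into lines


def break_header_unescaped(header: str) -> str:
    """'Before' form: raw pieces are joined with <br> and the result is
    handed to the page as trusted HTML, so markup in the header survives."""
    if len(header) > MAX_LEN and "," in header:
        return "<br> " + ", <br>".join(header.split(","))
    return header


def break_header_escaped(header: str) -> str:
    """'After' form: escape first, then split and join, so the only real
    tags in the output are the <br> elements inserted here."""
    escaped = escape(header)  # & < > " ' become entities; commas are untouched
    if len(header) > MAX_LEN and "," in header:
        return "<br> " + ", <br>".join(escaped.split(","))
    return escaped


def tags_in(html_text: str) -> list:
    """Return every literal tag present in a rendered fragment."""
    return re.findall(r"<[^>]*>", html_text)


# Constructed sample: a long, comma-separated header value with markup in it.
SAMPLE = "text/html, <script>alert(1)</script>, " + "a" * 200

if __name__ == "__main__":
    print(tags_in(break_header_unescaped(SAMPLE)))
    print(tags_in(break_header_escaped(SAMPLE)))
```

Escaping after the join would turn the inserted `<br>` tags into text as well, which is why the order matters.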
* Make inflection package truly optional
Fix #9291
* Make inflection compat layer consistent with the others
Co-authored-by: T. Franzel <13507857+tfranzel@users.noreply.github.com>
---------
Co-authored-by: T. Franzel <13507857+tfranzel@users.noreply.github.com>
* Release Notes for 3.15
- Add docs/community/3.15-announcement.md
- Update docs/community/release-notes.md
- Update mkdocs.yml
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Release date pending
bump
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Fix typo
* Changes to tests should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to tests should not be included in release notes.
* Changes to tests should not be included in release notes.
* Fix typo in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to tests should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Improve changelog entry
* Changes to docs should not be included in release notes.
* Changes to docs should not be included in release notes.
* Changes to project workflow should not be included in release notes.
* Changes to docs should not be included in release notes.
* Update docs/community/3.15-announcement.md
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
* Update docs/community/3.15-announcement.md
* Update docs/community/3.15-announcement.md
* Update docs/community/release-notes.md
* Update docs/community/release-notes.md
Co-authored-by: Christian Clauss <cclauss@me.com>
* Update docs/community/release-notes.md
Co-authored-by: Christian Clauss <cclauss@me.com>
* Update docs/community/3.15-announcement.md
Co-authored-by: JAEGYUN JUNG <twicegoddessana1229@gmail.com>
* Update docs/community/release-notes.md
* Update docs/community/release-notes.md
Co-authored-by: JAEGYUN JUNG <twicegoddessana1229@gmail.com>
* Update release version
* Update supported Python and Django versions
---------
Co-authored-by: Rodrigo <rodrigo@crowdbotics.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Christian Clauss <cclauss@me.com>
Co-authored-by: JAEGYUN JUNG <twicegoddessana1229@gmail.com>
* refactor removing parameters from kwargs when creating a ListSerializer
* insert child
* small rewrite
---------
Co-authored-by: Willem Van Onsem <willem.vanonsem@prosafco.be>
* Propagate 'default' from model_field to serializer field
Fix #7469.
Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>
* updated field default on serializer according to openapi generation and added that to options action response
* added notes regarding default value propagation from model to serializer field
* updated note
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
---------
Co-authored-by: John Parton <john.parton.iv@gmail.com>
Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>
Co-authored-by: Rizwan Shaikh <rshaikh@ces-ltd.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
* Use subquery to remove duplicates in SearchFilter
* Align SearchFilter behaviour to django.contrib.admin
* Add compatibility with older django/python versions
* Allow search to split also by comma after smart split
* Use generator to build search conditions to reduce iterations
* Improve search documentation
* Update docs/api-guide/filtering.md
---------
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
* fix OpenAPIRenderer for timedelta
* added test for rendering openapi with timedelta
* fix OpenAPIRenderer for timedelta
* added test for rendering openapi with timedelta
* Removed usage of field.choices that triggered full table load (#8950)
Removed the `{{ field.choices|yesno:",disabled" }}` block because this triggers the loading of a full database table's worth of objects just to determine whether the multi-select widget should be set as disabled or not.
Since this "disabled" marking feature is not present in the normal select field, then I propose to remove it also from the multi-select.
* Added Deprecation Warnings for CoreAPI (#7519)
* Added Deprecation Warnings for CoreAPI
* Bumped removal to DRF315
* Update rest_framework/__init__.py
* Update rest_framework/filters.py
* Update rest_framework/filters.py
* Update tests/schemas/test_coreapi.py
* Update rest_framework/filters.py
* Update rest_framework/filters.py
* Update tests/schemas/test_coreapi.py
* Update tests/schemas/test_coreapi.py
* Update setup.cfg
* Update rest_framework/pagination.py
---------
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
* Update copyright timeline
* Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces (#7278)
* Fix the case where if the namespace is not None and there's no match,
NamespaceVersioning always raises NotFound even if DEFAULT_VERSION
is set or None is in ALLOWED_VERSIONS
* Add test cases
* fix OpenAPIRenderer for timedelta
* added test for rendering openapi with timedelta
* added testcase for rendering yaml with minvalidator for duration field (timedelta)
---------
Co-authored-by: Rizwan Shaikh <rshaikh@ces-ltd.com>
Co-authored-by: Lenno Nagel <lenno@namespace.ee>
Co-authored-by: David Smith <39445562+smithdc1@users.noreply.github.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Konstantin Kuchkov <konstantin.kuchkov@gmail.com>
* Fix the case where if the namespace is not None and there's no match,
NamespaceVersioning always raises NotFound even if DEFAULT_VERSION
is set or None is in ALLOWED_VERSIONS
* Add test cases
Removed the `{{ field.choices|yesno:",disabled" }}` block because this triggers the loading of a full database table's worth of objects just to determine whether the multi-select widget should be set as disabled or not.
Since this "disabled" marking feature is not present in the normal select field, then I propose to remove it also from the multi-select.