Add "forceescape" filter

CHANGELOG.md

@@ -1,6 +1,7 @@
 Changelog
 =========
 
+* Add `forceescape` filter. Fixes [#782](https://github.com/mozilla/nunjucks/issues/782)
 
 3.1.2 (Feb 23 2018)
 -------------------

docs/templating.md

@@ -1124,6 +1124,10 @@ This default can be overridden by using the first parameter.
 3.5
 ```
 
+### forceescape
+
+Enforce HTML escaping. This will probably double escape variables.
+
 ### groupby
 
 Group a sequence of objects by a common attribute:

nunjucks/src/filters.js

@@ -156,6 +156,13 @@ function first(arr) {
 
 exports.first = first;
 
+function forceescape(str) {
+ str = (str === null || str === undefined) ? '' : str;
+ return r.markSafe(lib.escape(str.toString()));
+}
+
+exports.forceescape = forceescape;
+
 function groupby(arr, attr) {
  return lib.groupBy(arr, attr);
 }

tests/filters.js

@@ -228,6 +228,12 @@
  equal('{{ "0" | float }}', '0');
  });
 
+ it('forceescape', function(done) {
+ equal('{{ str | forceescape }}', { str: r.markSafe('<html>')}, '&lt;html&gt;');
+ equal('{{ "<html>" | safe | forceescape }}', '&lt;html&gt;');
+ finish(done);
+ });
+
  it('int', function() {
  equal('{{ "3.5" | int }}', '3');
  equal('{{ "0" | int }}', '0');