Merge branch '1.0-maintenance'

.appveyor.yml

@@ -3,7 +3,7 @@ environment:
     TOXENV: py,codecov
 
   matrix:
-    - PYTHON: C:\Python36-x64
+    - PYTHON: C:\Python37-x64
     - PYTHON: C:\Python27-x64
 
 init:

.travis.yml

@@ -1,34 +1,30 @@
 os: linux
-sudo: false
+dist: xenial
 language: python
+python:
+  - "3.7"
+  - "3.6"
+  - "3.5"
+  - "3.4"
+  - "2.7"
+  - nightly
+  - pypy3.5-6.0
+env: TOXENV=py,codecov
 
 matrix:
   include:
-    - python: 3.6
-      env: TOXENV=py,simplejson,devel,lowest,codecov
-    - python: 3.6
-      env: TOXENV=docs-html
-    - python: 3.5
-      env: TOXENV=py,codecov
-    - python: 3.4
-      env: TOXENV=py,codecov
-    - python: 2.7
-      env: TOXENV=py,simplejson,devel,lowest,codecov
-    - python: pypy3
-      env: TOXENV=py,codecov
-    - python: nightly
-      env: TOXENV=py
+    - env: TOXENV=docs-html
+    - env: TOXENV=devel,lowest,codecov
     - os: osx
       language: generic
-      env: TOXENV=py3,py2,codecov
+      env: TOXENV=py3,codecov
       cache:
-        pip: false
         directories:
           - $HOME/Library/Caches/Homebrew
           - $HOME/Library/Caches/pip
   allow_failures:
-    - python: pypy3
     - python: nightly
+    - python: pypy3.5-6.0
     - os: osx
   fast_finish: true
 
@@ -36,7 +32,6 @@ before_install:
   - |
     if [[ $TRAVIS_OS_NAME == 'osx' ]]; then
       brew upgrade python
-      brew install python@2;
       export PATH="/usr/local/opt/python/libexec/bin:${PATH}"
     fi
 
@@ -47,12 +42,15 @@ script:
   - tox
 
 cache:
-  - pip
+  directories:
+    - $HOME/.cache/pip
+    - $HOME/.cache/pre-commit
 
 branches:
   only:
     - master
-    - /^.*-maintenance$/
+    - /^\d+(\.\d+)*-maintenance$/
+    - /^\d+(\.\d+)*(\.x)?$/
 
 notifications:
   email: false

docs/api.rst

@@ -312,10 +312,10 @@ JSON module:
     as string.
 
 The :func:`~htmlsafe_dumps` function of this json module is also available
-as filter called ``|tojson`` in Jinja2.  Note that inside ``script``
-tags no escaping must take place, so make sure to disable escaping
-with ``|safe`` if you intend to use it inside ``script`` tags unless
-you are using Flask 0.10 which implies that:
+as a filter called ``|tojson`` in Jinja2.  Note that in versions of Flask prior
+to Flask 0.10, you must disable escaping with ``|safe`` if you intend to use
+``|tojson`` output inside ``script`` tags. In Flask 0.10 and above, this
+happens automatically (but it's harmless to include ``|safe`` anyway).
 
 .. sourcecode:: html+jinja
 

docs/blueprints.rst

@@ -75,11 +75,12 @@ implement a blueprint that does simple rendering of static templates::
             abort(404)
 
 When you bind a function with the help of the ``@simple_page.route``
-decorator the blueprint will record the intention of registering the
-function `show` on the application when it's later registered.
+decorator, the blueprint will record the intention of registering the
+function ``show`` on the application when it's later registered.
 Additionally it will prefix the endpoint of the function with the
 name of the blueprint which was given to the :class:`Blueprint`
-constructor (in this case also ``simple_page``).
+constructor (in this case also ``simple_page``). The blueprint's name
+does not modify the URL, only the endpoint.
 
 Registering Blueprints
 ----------------------

docs/installation.rst

@@ -91,12 +91,12 @@ On Windows:
 
     $ py -3 -m venv venv
 
-If you needed to install virtualenv because you are on an older version of
-Python, use the following command instead:
+If you needed to install virtualenv because you are using Python 2, use
+the following command instead:
 
 .. code-block:: sh
 
-    $ virtualenv venv
+    $ python2 -m virtualenv venv
 
 On Windows:
 

docs/templating.rst

@@ -110,16 +110,25 @@ by Jinja2 itself:
    is for example very helpful if you try to generate JavaScript on the
    fly.
 
-   Note that inside ``script`` tags no escaping must take place, so make
-   sure to disable escaping with ``|safe`` before Flask 0.10 if you intend
-   to use it inside ``script`` tags:
-
    .. sourcecode:: html+jinja
 
        <script type=text/javascript>
-           doSomethingWith({{ user.username|tojson|safe }});
+           doSomethingWith({{ user.username|tojson }});
        </script>
 
+   It is also safe to use the output of `|tojson` in a *single-quoted* HTML
+   attribute:
+
+   .. sourcecode:: html+jinja
+
+       <button onclick='doSomethingWith({{ user.username|tojson }})'>
+           Click me
+       </button>
+
+   Note that in versions of Flask prior to 0.10, if using the output of
+   ``|tojson`` inside ``script``, make sure to disable escaping with ``|safe``.
+   In Flask 0.10 and above, this happens automatically.
+
 Controlling Autoescaping
 ------------------------
 

docs/tutorial/blog.rst

@@ -314,7 +314,7 @@ Delete
 
 The delete view doesn't have its own template, the delete button is part
 of ``update.html`` and posts to the ``/<id>/delete`` URL. Since there
-is no template, it will only handle the ``POST`` method then redirect
+is no template, it will only handle the ``POST`` method and then redirect
 to the ``index`` view.
 
 .. code-block:: python

docs/tutorial/database.rst

@@ -149,7 +149,7 @@ Register with the Application
 -----------------------------
 
 The ``close_db`` and ``init_db_command`` functions need to be registered
-with the application instance, otherwise they won't be used by the
+with the application instance; otherwise, they won't be used by the
 application. However, since you're using a factory function, that
 instance isn't available when writing the functions. Instead, write a
 function that takes an application and does the registration.

flask/_compat.py

@@ -28,6 +28,7 @@ if not PY2:
 
     from inspect import getfullargspec as getargspec
     from io import StringIO
+    import collections.abc as collections_abc
 
     def reraise(tp, value, tb=None):
         if value.__traceback__ is not tb:
@@ -47,6 +48,7 @@ else:
 
     from inspect import getargspec
     from cStringIO import StringIO
+    import collections as collections_abc
 
     exec('def reraise(tp, value, tb=None):\n raise tp, value, tb')
 

flask/app.py

@@ -1678,16 +1678,17 @@ class Flask(_PackageBoundObject):
         return False
 
     def handle_user_exception(self, e):
-        """This method is called whenever an exception occurs that should be
-        handled.  A special case are
-        :class:`~werkzeug.exception.HTTPException`\s which are forwarded by
-        this function to the :meth:`handle_http_exception` method.  This
-        function will either return a response value or reraise the
-        exception with the same traceback.
+        """This method is called whenever an exception occurs that
+        should be handled. A special case is :class:`~werkzeug
+        .exceptions.HTTPException` which is forwarded to the
+        :meth:`handle_http_exception` method. This function will either
+        return a response value or reraise the exception with the same
+        traceback.
 
         .. versionchanged:: 1.0
-            Key errors raised from request data like ``form`` show the bad
-            key in debug mode rather than a generic bad request message.
+            Key errors raised from request data like ``form`` show the
+            bad key in debug mode rather than a generic bad request
+            message.
 
         .. versionadded:: 0.7
         """

flask/cli.py

@@ -333,7 +333,7 @@ class DispatchingApp(object):
 
 
 class ScriptInfo(object):
-    """Help object to deal with Flask applications.  This is usually not
+    """Helper object to deal with Flask applications.  This is usually not
     necessary to interface with as it's used internally in the dispatching
     to click.  In future versions of Flask this object will most likely play
     a bigger role.  Typically it's created automatically by the
@@ -725,7 +725,7 @@ def _validate_key(ctx, param, value):
     return value
 
 
-@click.command('run', short_help='Runs a development server.')
+@click.command('run', short_help='Run a development server.')
 @click.option('--host', '-h', default='127.0.0.1',
               help='The interface to bind to.')
 @click.option('--port', '-p', default=5000,
@@ -777,10 +777,10 @@ def run_command(info, host, port, reload, debugger, eager_loading,
                threaded=with_threads, ssl_context=cert)
 
 
-@click.command('shell', short_help='Runs a shell in the app context.')
+@click.command('shell', short_help='Run a shell in the app context.')
 @with_appcontext
 def shell_command():
-    """Runs an interactive Python shell in the context of a given
+    """Run an interactive Python shell in the context of a given
     Flask application.  The application will populate the default
     namespace of this shell according to it's configuration.
 

flask/sessions.py

@@ -11,17 +11,17 @@
 
 import hashlib
 import warnings
-from collections import MutableMapping
 from datetime import datetime
 
 from itsdangerous import BadSignature, URLSafeTimedSerializer
 from werkzeug.datastructures import CallbackDict
 
+from flask._compat import collections_abc
 from flask.helpers import is_ip, total_seconds
 from flask.json.tag import TaggedJSONSerializer
 
 
-class SessionMixin(MutableMapping):
+class SessionMixin(collections_abc.MutableMapping):
     """Expands a basic dictionary with session attributes."""
 
     @property

tox.ini

@@ -1,9 +1,9 @@
 [tox]
 envlist =
-    py{36,35,34,27,py}
-    py{36,27,py}-simplejson
-    py{36,27,py}-devel
-    py{36,27,py}-lowest
+    py{37,36,35,34,27,py}
+    py{37,27,py}-simplejson
+    py{37,27,py}-devel
+    py{37,27,py}-lowest
     docs-html
     coverage-report