Fixed #7177 -- Added extra robustness to the escapejs filter so that all (8c4a5258) · Commits · Dom Sekotill / django

django/template/defaultfilters.py

+16 −12

Original line number	Diff line number	Diff line
		@@ -62,20 +62,24 @@ def capfirst(value):
		capfirst.is_safe=True
		capfirst = stringfilter(capfirst)

		_js_escapes = (
		('\\', '\\\\'),
		('"', '\\"'),
		("'", "\\'"),
		('\n', '\\n'),
		('\r', '\\r'),
		('\b', '\\b'),
		('\f', '\\f'),
		('\t', '\\t'),
		('\v', '\\v'),
		('</', '<\\/'),
		_base_js_escapes = (
		('\\', r'\x5C'),
		('\'', r'\x27'),
		('"', r'\x22'),
		('>', r'\x3E'),
		('<', r'\x3C'),
		('&', r'\x26'),
		('=', r'\x3D'),
		('-', r'\x2D'),
		(';', r'\x3B')
		)

		# Escape every ASCII character with a value less than 32.
		_js_escapes = (_base_js_escapes +
		tuple([('%c' % z, '\\x%02X' % z) for z in range(32)]))

		def escapejs(value):
		"""Backslash-escapes characters for use in JavaScript strings."""
		"""Hex encodes characters for use in JavaScript strings."""
		for bad, good in _js_escapes:
		value = value.replace(bad, good)
		return value

+3 −0

Original line number	Diff line number	Diff line
		@@ -262,5 +262,8 @@ def get_filter_tests():
		'autoescape-stringfilter02': (r'{% autoescape off %}{{ unsafe\|capfirst }}{% endautoescape %}', {'unsafe': UnsafeClass()}, 'You & me'),
		'autoescape-stringfilter03': (r'{{ safe\|capfirst }}', {'safe': SafeClass()}, 'You > me'),
		'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe\|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You > me'),

		'escapejs01': (r'{{ a\|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
		'escapejs02': (r'{% autoescape off %}{{ a\|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
		}

Original line number	Diff line number	Diff line
		@@ -262,5 +262,8 @@ def get_filter_tests():
		'autoescape-stringfilter02': (r'{% autoescape off %}{{ unsafe\|capfirst }}{% endautoescape %}', {'unsafe': UnsafeClass()}, 'You & me'),
		'autoescape-stringfilter03': (r'{{ safe\|capfirst }}', {'safe': SafeClass()}, 'You > me'),
		'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe\|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You > me'),

		'escapejs01': (r'{{ a\|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
		'escapejs02': (r'{% autoescape off %}{{ a\|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
		}