Commit beca4b81 authored by Russell Keith-Magee's avatar Russell Keith-Magee
Browse files

Fixed #13114 -- Modified escapejs to produce output that is JSON compliant.... 

Fixed #13114 -- Modified escapejs to produce output that is JSON compliant. Thanks to David Danier for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12780 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 4dfe6190

django/template/defaultfilters.py

+10 −10
Original line number Diff line number Diff line
@@ -69,22 +69,22 @@ capfirst.is_safe=True 
capfirst = stringfilter(capfirst)



_base_js_escapes = (

    ('\\', r'\x5C'),

    ('\'', r'\x27'),

    ('"', r'\x22'),

    ('>', r'\x3E'),

    ('<', r'\x3C'),

    ('&', r'\x26'),

    ('=', r'\x3D'),

    ('-', r'\x2D'),

    (';', r'\x3B'),

    ('\\', r'\u005C'),

    ('\'', r'\u0027'),

    ('"', r'\u0022'),

    ('>', r'\u003E'),

    ('<', r'\u003C'),

    ('&', r'\u0026'),

    ('=', r'\u003D'),

    ('-', r'\u002D'),

    (';', r'\u003B'),

    (u'\u2028', r'\u2028'),

    (u'\u2029', r'\u2029')

)



# Escape every ASCII character with a value less than 32.

_js_escapes = (_base_js_escapes +

               tuple([('%c' % z, '\\x%02X' % z) for z in range(32)]))

               tuple([('%c' % z, '\\u%04X' % z) for z in range(32)]))



def escapejs(value):

    """Hex encodes characters for use in JavaScript strings."""

docs/ref/templates/builtins.txt

+3 −3
Original line number Diff line number Diff line
@@ -1262,7 +1262,7 @@ For example:: 
    {{ value|escapejs }}



If ``value`` is ``"testing\r\njavascript \'string" <b>escaping</b>"``,

the output will be ``"testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E"``.

the output will be ``"testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E"``.



.. templatefilter:: filesizeformat

tests/regressiontests/defaultfilters/tests.py

+4 −4
Original line number Diff line number Diff line
@@ -72,16 +72,16 @@ u'\\\\ : backslashes, too' 
u'Hello world'



>>> escapejs(u'"double quotes" and \'single quotes\'')

u'\\x22double quotes\\x22 and \\x27single quotes\\x27'

u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027'



>>> escapejs(ur'\ : backslashes, too')

u'\\x5C : backslashes, too'

u'\\u005C : backslashes, too'



>>> escapejs(u'and lots of whitespace: \r\n\t\v\f\b')

u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08'

u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008'



>>> escapejs(ur'<script>and this</script>')

u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E'

u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E'



>>> escapejs(u'paragraph separator:\u2029and line separator:\u2028')

u'paragraph separator:\\u2029and line separator:\\u2028'

tests/regressiontests/templates/filters.py

+2 −2
Original line number Diff line number Diff line
@@ -295,8 +295,8 @@ def get_filter_tests(): 
        'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You &gt; me'),

        'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You &gt; me'),



        'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),

        'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),

        'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),

        'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),





        # length filter.