[1.1.X] Fixed #13114 -- Modified escapejs to produce output that is JSON compliant. Thanks to David Danier for the report.

Backport of r12780 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@12781 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Russell Keith-Magee 2010-03-15 08:06:47 +00:00
parent d3ee5566b4
commit c64669a614
4 changed files with 19 additions and 19 deletions

View File

@ -68,22 +68,22 @@ capfirst.is_safe=True
capfirst = stringfilter(capfirst)
_base_js_escapes = (
('\\', r'\x5C'),
('\'', r'\x27'),
('"', r'\x22'),
('>', r'\x3E'),
('<', r'\x3C'),
('&', r'\x26'),
('=', r'\x3D'),
('-', r'\x2D'),
(';', r'\x3B'),
('\\', r'\u005C'),
('\'', r'\u0027'),
('"', r'\u0022'),
('>', r'\u003E'),
('<', r'\u003C'),
('&', r'\u0026'),
('=', r'\u003D'),
('-', r'\u002D'),
(';', r'\u003B'),
(u'\u2028', r'\u2028'),
(u'\u2029', r'\u2029')
)
# Escape every ASCII character with a value less than 32.
_js_escapes = (_base_js_escapes +
tuple([('%c' % z, '\\x%02X' % z) for z in range(32)]))
tuple([('%c' % z, '\\u%04X' % z) for z in range(32)]))
def escapejs(value):
"""Hex encodes characters for use in JavaScript strings."""

View File

@ -760,8 +760,8 @@ use keyword syntax::
{% url path.to.some_view arg1=v1,arg2=v2 %}
Do not mix both positional and keyword syntax in a single call. All arguments
required by the URLconf should be present.
Do not mix both positional and keyword syntax in a single call. All arguments
required by the URLconf should be present.
For example, suppose you have a view, ``app_views.client``, whose URLconf
takes a client ID (here, ``client()`` is a method inside the views file
@ -1077,7 +1077,7 @@ For example::
{{ value|escapejs }}
If ``value`` is ``"testing\r\njavascript \'string" <b>escaping</b>"``,
the output will be ``"testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E"``.
the output will be ``"testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E"``.
.. templatefilter:: filesizeformat

View File

@ -72,16 +72,16 @@ u'\\\\ : backslashes, too'
u'Hello world'
>>> escapejs(u'"double quotes" and \'single quotes\'')
u'\\x22double quotes\\x22 and \\x27single quotes\\x27'
u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027'
>>> escapejs(ur'\ : backslashes, too')
u'\\x5C : backslashes, too'
u'\\u005C : backslashes, too'
>>> escapejs(u'and lots of whitespace: \r\n\t\v\f\b')
u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08'
u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008'
>>> escapejs(ur'<script>and this</script>')
u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E'
u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E'
>>> escapejs(u'paragraph separator:\u2029and line separator:\u2028')
u'paragraph separator:\\u2029and line separator:\\u2028'

View File

@ -295,8 +295,8 @@ def get_filter_tests():
'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You &gt; me'),
'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You &gt; me'),
'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),
'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),
# length filter.