From beca4b81095c7418fcb29e52a243548555127a06 Mon Sep 17 00:00:00 2001 From: Russell Keith-Magee Date: Mon, 15 Mar 2010 07:22:20 +0000 Subject: [PATCH] Fixed #13114 -- Modified escapejs to produce output that is JSON compliant. Thanks to David Danier for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12780 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/template/defaultfilters.py | 20 +++++++++---------- docs/ref/templates/builtins.txt | 6 +++--- tests/regressiontests/defaultfilters/tests.py | 8 ++++---- tests/regressiontests/templates/filters.py | 4 ++-- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py index 1f744f1958..bea5938e5b 100644 --- a/django/template/defaultfilters.py +++ b/django/template/defaultfilters.py @@ -69,22 +69,22 @@ capfirst.is_safe=True capfirst = stringfilter(capfirst) _base_js_escapes = ( - ('\\', r'\x5C'), - ('\'', r'\x27'), - ('"', r'\x22'), - ('>', r'\x3E'), - ('<', r'\x3C'), - ('&', r'\x26'), - ('=', r'\x3D'), - ('-', r'\x2D'), - (';', r'\x3B'), + ('\\', r'\u005C'), + ('\'', r'\u0027'), + ('"', r'\u0022'), + ('>', r'\u003E'), + ('<', r'\u003C'), + ('&', r'\u0026'), + ('=', r'\u003D'), + ('-', r'\u002D'), + (';', r'\u003B'), (u'\u2028', r'\u2028'), (u'\u2029', r'\u2029') ) # Escape every ASCII character with a value less than 32. _js_escapes = (_base_js_escapes + - tuple([('%c' % z, '\\x%02X' % z) for z in range(32)])) + tuple([('%c' % z, '\\u%04X' % z) for z in range(32)])) def escapejs(value): """Hex encodes characters for use in JavaScript strings.""" diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index c613c58107..9e8f9825d6 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -906,8 +906,8 @@ use keyword syntax:: {% url path.to.some_view arg1=v1,arg2=v2 %} -Do not mix both positional and keyword syntax in a single call. All arguments -required by the URLconf should be present. +Do not mix both positional and keyword syntax in a single call. All arguments +required by the URLconf should be present. For example, suppose you have a view, ``app_views.client``, whose URLconf takes a client ID (here, ``client()`` is a method inside the views file @@ -1262,7 +1262,7 @@ For example:: {{ value|escapejs }} If ``value`` is ``"testing\r\njavascript \'string" escaping"``, -the output will be ``"testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E"``. +the output will be ``"testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E"``. .. templatefilter:: filesizeformat diff --git a/tests/regressiontests/defaultfilters/tests.py b/tests/regressiontests/defaultfilters/tests.py index 0fe4673063..abc080db48 100644 --- a/tests/regressiontests/defaultfilters/tests.py +++ b/tests/regressiontests/defaultfilters/tests.py @@ -72,16 +72,16 @@ u'\\\\ : backslashes, too' u'Hello world' >>> escapejs(u'"double quotes" and \'single quotes\'') -u'\\x22double quotes\\x22 and \\x27single quotes\\x27' +u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027' >>> escapejs(ur'\ : backslashes, too') -u'\\x5C : backslashes, too' +u'\\u005C : backslashes, too' >>> escapejs(u'and lots of whitespace: \r\n\t\v\f\b') -u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08' +u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008' >>> escapejs(ur'') -u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E' +u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E' >>> escapejs(u'paragraph separator:\u2029and line separator:\u2028') u'paragraph separator:\\u2029and line separator:\\u2028' diff --git a/tests/regressiontests/templates/filters.py b/tests/regressiontests/templates/filters.py index 82a056e7dc..3d6284e881 100644 --- a/tests/regressiontests/templates/filters.py +++ b/tests/regressiontests/templates/filters.py @@ -295,8 +295,8 @@ def get_filter_tests(): 'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You > me'), 'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You > me'), - 'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), - 'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), + 'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'), + 'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'), # length filter.