test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #21731 -- Made javascript_quote escapes '</'.

This commit is contained in:
Vajrasky Kok 2014-01-04 12:57:50 +08:00 committed by Tim Graham
parent b17c75564f
commit c43c469a2e
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
django/utils/text.py
View File

@ -327,6 +327,7 @@ def javascript_quote(s, quote_double_quotes=False):
s = s.replace('\n', '\\n') s = s.replace('\n', '\\n')
s = s.replace('\t', '\\t') s = s.replace('\t', '\\t')
s = s.replace("'", "\\'") s = s.replace("'", "\\'")
s = s.replace('</', '<\\/')
if quote_double_quotes: if quote_double_quotes:
s = s.replace('"', '&quot;') s = s.replace('"', '&quot;')
return str(ustring_re.sub(fix, s)) return str(ustring_re.sub(fix, s))

11
tests/utils_tests/test_text.py
View File

@ -144,3 +144,14 @@ class TestUtilsText(SimpleTestCase):
def test_get_valid_filename(self): def test_get_valid_filename(self):
filename = "^&'@{}[],$=!-#()%+~_123.txt" filename = "^&'@{}[],$=!-#()%+~_123.txt"
self.assertEqual(text.get_valid_filename(filename), "-_123.txt") self.assertEqual(text.get_valid_filename(filename), "-_123.txt")
def test_javascript_quote(self):
input = "<script>alert('Hello \\xff.\n Welcome\there\r');</script>"
output = r"<script>alert(\'Hello \\xff.\n Welcome\there\r\');<\/script>"
self.assertEqual(text.javascript_quote(input), output)
# Exercising quote_double_quotes keyword argument
input = '"Text"'
self.assertEqual(text.javascript_quote(input), '"Text"')
self.assertEqual(text.javascript_quote(input, quote_double_quotes=True),
'&quot;Text&quot;')