Ticket #17419: json-filter.v3.diff

django/template/defaultfilters.py

@@ -9 +9 @@
 
 from django.template.base import Variable, Library, VariableDoesNotExist
 from django.conf import settings
-from django.utils import formats
+from django.utils import formats, simplejson
 from django.utils.dateformat import format, time_format
 from django.utils.encoding import force_unicode, iri_to_uri
 from django.utils.html import (conditional_escape, escapejs, fix_ampersands,
@@ -838 +838 @@
         return ugettext("%s TB") % filesize_number_format(bytes / (1024 * 1024 * 1024 * 1024))
     return ugettext("%s PB") % filesize_number_format(bytes / (1024 * 1024 * 1024 * 1024 * 1024))
 
+@register.filter(is_safe=True)
+def json(value):
+    """
+    Returns the json representation of value.
+
+    Note that the HTML spec (though not XHTML) declares all text within
+    <script> tags to be CDATA and therefore does not need escaping.
+    Thus, when using this filter between <script> tags for such a document,
+    you'll want to avoid escaping the output: {{ data|json|safe }}
+    """
+    return simplejson.dumps(value)
+
 @register.filter(is_safe=False)
 def pluralize(value, arg=u's'):
     """

docs/ref/templates/builtins.txt

@@ -1665 +1665 @@
 If ``value`` is the list ``['a', 'b', 'c']``, the output will be the string
 ``"a // b // c"``.
 
+.. templatefilter:: json
+
+json
+^^^^
+
+.. versionadded:: 1.4
+
+Coverts a python datastructure of possibly nested dictionaries and lists into
+a json string.
+
+For example::
+
+    {{ value|json }}
+
+If ``value`` is the python dictionary with nested list
+``{'hello': ['world', 'wide']}``, the output will be the string
+``'{"hello": ["world", "wide"]}'``.
+
+This filter is most often used within ``<script>`` tags. Per the
+HTML spec (though not XHTML) all text within ``<script>`` tags is
+CDATA and therefore does not need escaping. Thus, when using this
+filter in such a situation, you'll want to explicitly mark the output
+as safe to avoid html-entity escaping. For example::
+
+    <script>
+        var json_data = {{ value|json|safe }};
+    </script>
+
+Remember that JSON marked as safe will contain unescaped strings and those need
+to be properly handled in the receiver.
+
 .. templatefilter:: last
 
 last

tests/regressiontests/templates/filters.py

@@ -106 +106 @@
         'filter-lower01': ("{% autoescape off %}{{ a|lower }} {{ b|lower }}{% endautoescape %}", {"a": "Apple & banana", "b": mark_safe("Apple & banana")}, u"apple & banana apple & banana"),
         'filter-lower02': ("{{ a|lower }} {{ b|lower }}", {"a": "Apple & banana", "b": mark_safe("Apple & banana")}, u"apple & banana apple & banana"),
 
+        # json filter #17419
+        'filter-json01': ("{{ data|json }}", {"data": {"hello": ["world", "universe"]}}, u'{"hello": ["world", "universe"]}'),
+        'filter-json02': ("{{ data|json|safe }}", {"data": {"foo": "<bar>"}}, u'{"foo": "<bar>"}'),
+        'filter-json03': ("{{ data|json|safe }}", {"data": ["foo", 'ba"r']}, u'["foo", "ba\\"r"]'),
+
         # The make_list filter can destroy existing escaping, so the results are
         # escaped.
         'filter-make_list01': ("{% autoescape off %}{{ a|make_list }}{% endautoescape %}", {"a": mark_safe("&")}, u"[u'&']"),