| 1 |
Index: django/template/defaultfilters.py |
|---|
| 2 |
=================================================================== |
|---|
| 3 |
--- django/template/defaultfilters.py (revision 5061) |
|---|
| 4 |
+++ django/template/defaultfilters.py (working copy) |
|---|
| 5 |
@@ -47,7 +47,7 @@ |
|---|
| 6 |
|
|---|
| 7 |
def addslashes(value): |
|---|
| 8 |
"Adds slashes - useful for passing strings to JavaScript, for example." |
|---|
| 9 |
- return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'") |
|---|
| 10 |
+ return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'").replace("</", "<\\/") |
|---|
| 11 |
addslashes = stringfilter(addslashes) |
|---|
| 12 |
|
|---|
| 13 |
def capfirst(value): |
|---|
| 14 |
Index: tests/regressiontests/defaultfilters/tests.py |
|---|
| 15 |
=================================================================== |
|---|
| 16 |
--- tests/regressiontests/defaultfilters/tests.py (revision 5061) |
|---|
| 17 |
+++ tests/regressiontests/defaultfilters/tests.py (working copy) |
|---|
| 18 |
@@ -40,6 +40,9 @@ |
|---|
| 19 |
>>> addslashes(r'\ : backslashes, too') |
|---|
| 20 |
'\\\\ : backslashes, too' |
|---|
| 21 |
|
|---|
| 22 |
+>>> addslashes('<script>alert("make sure close tags are ok")</script>') |
|---|
| 23 |
+'<script>alert(\\"make sure close tags are ok\\")<\\/script>' |
|---|
| 24 |
+ |
|---|
| 25 |
>>> capfirst('hello world') |
|---|
| 26 |
'Hello world' |
|---|
| 27 |
|
|---|
