Django

Ticket #1270 (closed: fixed)

Opened 3 years ago

Last modified 2 years ago

[patch] Escape filter does not escape single quotes to &apos;

Reported by: beegee
Assigned to: adrian
Milestone:
Component: Template system
Version:
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: 1
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

The escape filter does not escape single quotes to &apos;. Why not? It can simply be repaired in the following file http://code.djangoproject.com/browser/django/trunk/django/utils/html.py.

Line 28 in this file states: return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;')

Simply extend this line as follows: return html.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&apos;')

When building XML files with the Django template system this is a life saver, because now all five internally declared XML entities are nicely escaped by the escape filter.

Attachments

html.diff (0.6 kB) - added by scum on 01/31/06 13:26:22.
[patch] added unicode replacement (\u0027) to single quotes
html.2.diff (0.6 kB) - added by Malcolm Tredinnick <malcolm@pointy-stick.com> on 03/05/06 20:27:36.
Updated patch using &#39;.

Change History

01/24/06 04:14:29 changed by hugo

The problem with this: apos isn't a valid entity in HTML, it's only valid in XML (and therefore should be valid in XHTML). So it's always a problem to add it, because anybody producing HTML4 will get invalid entities. Better to replace it by its unicode numerical encoding, as that is valid in both HTML and XML.

01/31/06 13:26:22 changed by scum

  • attachment html.diff added.

[patch] added unicode replacement (\u0027) to single quotes

01/31/06 13:34:46 changed by anonymous

.replace("'", "\\'")

While I added the unicode patch, couldn't this be used instead?

01/31/06 18:50:45 changed by ffff

What's wrong with &#39; ?

02/01/06 10:21:19 changed by hugo

Nothing is wrong with &#39;. Actually that's what I was thinking of ;-)

03/05/06 20:27:36 changed by Malcolm Tredinnick <malcolm@pointy-stick.com>

  • attachment html.2.diff added.

Updated patch using &#39;.

03/05/06 20:27:50 changed by Malcolm Tredinnick <malcolm@pointy-stick.com>

  • summary changed from Escape filter does not escape single quotes to &apos; to [patch] Escape filter does not escape single quotes to &apos;.

04/23/06 17:23:46 changed by adrian

  • status changed from new to closed.
  • resolution set to fixed.

(In [2738]) magic-removal: Fixed #1270 -- Made the escape filter escape single quotes
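The replacements proposed in this ticket, compared side by side. This is an added example, not Django's code and not either attached patch: it checks each variant for a strict XML round trip in a single-quoted attribute and for entity names that HTML 4.01 does not define. The names `VARIANTS`, `xml_roundtrip`, `non_html4_entities`, `compare` and the sample string are assumptions made for illustration, and the `numeric` variant is inferred from the description of html.2.diff.

```python
# Added example, not Django's code: compares the escape variants from this ticket.
import re
import xml.etree.ElementTree as ET
from html.entities import name2codepoint  # the HTML 4.01 named-entity table

def escape_old(s):
    """Line 28 as quoted in the description: single quotes pass through."""
    return (s.replace('&', '&amp;').replace('<', '&lt;')
             .replace('>', '&gt;').replace('"', '&quot;'))

# Each variant appends one replacement for "'" to the original chain.
VARIANTS = {
    'old': escape_old,
    'apos': lambda s: escape_old(s).replace("'", '&apos;'),    # ticket description
    'backslash': lambda s: escape_old(s).replace("'", "\\'"),  # 01/31/06 comment
    'numeric': lambda s: escape_old(s).replace("'", '&#39;'),  # html.2.diff (assumed)
}

def xml_roundtrip(escaped):
    """Place escaped text in a single-quoted XML attribute and parse it strictly.
    Returns the decoded value, or None if the document is not well-formed."""
    try:
        return ET.fromstring("<item title='%s'/>" % escaped).get('title')
    except ET.ParseError:
        return None

def non_html4_entities(escaped):
    """Named entity references in the output that HTML 4.01 does not define."""
    names = re.findall(r'&([A-Za-z][A-Za-z0-9]*);', escaped)
    return sorted({n for n in names if n not in name2codepoint})

def compare(value):
    """Map variant name -> (survives XML round trip, entities invalid in HTML4)."""
    report = {}
    for name, escaper in VARIANTS.items():
        escaped = escaper(value)
        report[name] = (xml_roundtrip(escaped) == value, non_html4_entities(escaped))
    return report

SAMPLE = "O'Brien & \"co\" <ltd>"  # constructed sample input

if __name__ == '__main__':
    for name, result in compare(SAMPLE).items():
        print(name, result)
```

Only the numeric reference both survives the XML round trip and stays within the HTML 4.01 entity set; the unescaped and backslash forms leave the quote live, so the attribute ends early and the XML is not well-formed.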
