Opened 17 years ago
Closed 17 years ago
#5980 closed (fixed)
FilterExpression does not properly respect escaped quotes
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Template system | Version: | dev |
Severity: | Keywords: | filter quote escape | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
FilterExpression does not treat escaped quotes in constant strings properly, unless they are filter arguments.
Consider this:
{{ _("This is an \"object\"")|filter:"Some\"thing\"" }} {{ "This is an \"object\""|filter:"Some\"thing\"" }}
The translation will be run as
gettext('This is an \"object\"')
and thus fail, and the constant will be printed as
This is an \"object\"
The filter argument on the other hand is properly treated and the escape char is removed from the quotes.
The code below leads me to believe that this is an oversight and not a feature:
Filter arguments are processed here:
if i18n_arg: args.append((False, _(i18n_arg.replace(r'\"', '"')))) elif constant_arg is not None: args.append((False, constant_arg.replace(r'\"', '"')))
and the main string of this expression is processed here:
if i18n_constant: var = '"%s"' % _(i18n_constant) elif constant: var = '"%s"' % constant
This is in the constructor of django.template.FilterExpression. Escaped quotes in filter arguments are be treated, but not escaped quotes in the main string of this expression.
A tiny patch addresses this issue.
Attachments (1)
Change History (2)
by , 17 years ago
Attachment: | filterexperssion_quote_escaping.diff added |
---|
comment:1 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in [6724].