Ticket #11778: 11778.diff
File 11778.diff, 6.5 KB (added by , 13 years ago) |
tests/regressiontests/admin_views/tests.py
134 134 response = self.client.post('/test_admin/%s/admin_views/article/add/' % self.urlbit, post_data) 135 135 self.failUnlessEqual(response.status_code, 200) 136 136 self.assertContains(response, 'dismissAddAnotherPopup') 137 self.assertContains(response, 'title with a new\ u000Aline')137 self.assertContains(response, 'title with a new\\x0Aline') 138 138 139 139 # Post data for edit inline 140 140 inline_post_data = { -
tests/regressiontests/defaultfilters/tests.py
74 74 75 75 def test_escapejs(self): 76 76 self.assertEqual(escapejs(u'"double quotes" and \'single quotes\''), 77 u'\\ u0022double quotes\\u0022 and \\u0027single quotes\\u0027')77 u'\\x22double quotes\\x22 and \\x27single quotes\\x27') 78 78 self.assertEqual(escapejs(ur'\ : backslashes, too'), 79 u'\\ u005C : backslashes, too')79 u'\\x5C : backslashes, too') 80 80 self.assertEqual(escapejs(u'and lots of whitespace: \r\n\t\v\f\b'), 81 u'and lots of whitespace: \\ u000D\\u000A\\u0009\\u000B\\u000C\\u0008')81 u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08') 82 82 self.assertEqual(escapejs(ur'<script>and this</script>'), 83 u'\\ u003Cscript\\u003Eand this\\u003C/script\\u003E')83 u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E') 84 84 self.assertEqual( 85 85 escapejs(u'paragraph separator:\u2029and line separator:\u2028'), 86 86 u'paragraph separator:\\u2029and line separator:\\u2028') -
tests/regressiontests/templates/filters.py
299 299 'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You > me'), 300 300 'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You > me'), 301 301 302 'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\ u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),303 'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\ u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),302 'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), 303 'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'), 304 304 305 305 306 306 # length filter. -
tests/regressiontests/utils/html.py
113 113 def test_escapejs(self): 114 114 f = html.escapejs 115 115 items = ( 116 (u'"double quotes" and \'single quotes\'', u'\\ u0022double quotes\\u0022 and \\u0027single quotes\\u0027'),117 (ur'\ : backslashes, too', u'\\ u005C : backslashes, too'),118 (u'and lots of whitespace: \r\n\t\v\f\b', u'and lots of whitespace: \\ u000D\\u000A\\u0009\\u000B\\u000C\\u0008'),119 (ur'<script>and this</script>', u'\\ u003Cscript\\u003Eand this\\u003C/script\\u003E'),116 (u'"double quotes" and \'single quotes\'', u'\\x22double quotes\\x22 and \\x27single quotes\\x27'), 117 (ur'\ : backslashes, too', u'\\x5C : backslashes, too'), 118 (u'and lots of whitespace: \r\n\t\v\f\b', u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08'), 119 (ur'<script>and this</script>', u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E'), 120 120 (u'paragraph separator:\u2029and line separator:\u2028', u'paragraph separator:\\u2029and line separator:\\u2028'), 121 121 ) 122 122 for value, output in items: -
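Review bot: The `items` tuple in test_escapejs has no case containing `&`, `=`, `-` or `;`, so the replacement values the patch assigns to those four keys are not asserted in any of the test hunks shown. A typo in one of those dictionary entries would go unnoticed, and these are the characters that matter when the escaped value is placed in an inline script or an HTML attribute. Add a case such as `(u'a=b;c-d&e', u'a\\x3Db\\x3Bc\\x2Dd\\x26e'),`. The loop body that consumes `items` lies outside this hunk.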
django/utils/html.py
34 34 return mark_safe(force_unicode(html).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''')) 35 35 escape = allow_lazy(escape, unicode) 36 36 37 _ base_js_escapes = (38 ('\\', r'\u005C'),39 ('\'', r'\u0027'),40 ('"', r'\u0022'),41 ('>', r'\u003E'),42 ('<', r'\u003C'),43 ('&', r'\u0026'),44 ('=', r'\u003D'),45 ('-', r'\u002D'),46 (';', r'\u003B'),47 (u'\u2028', r'\u2028'),48 (u'\u2029', r'\u2029')49 ) 37 _js_escapes_dict = { 38 '\\': r'\x5C', 39 '\'': r'\x27', 40 '"': r'\x22', 41 '>': r'\x3E', 42 '<': r'\x3C', 43 '&': r'\x26', 44 '=': r'\x3D', 45 '-': r'\x2D', 46 ';': r'\x3B', 47 u'\u2028': r'\u2028', 48 u'\u2029': r'\u2029', 49 } 50 50 51 # Escape every ASCII character with a value less than 32.52 _js_escapes = (_base_js_escapes + 53 tuple([('%c' % z, '\\u%04X' % z) for z in range(32)]))51 # also escape every ASCII character with a value less than 32. 52 for z in range(32): 53 _js_escapes_dict[chr(z)] = '\\x%02X' % z 54 54 55 # construct a Regex object matching the keys in _js_escapes_dict 56 _js_escapes_re = u''.join(sorted(_js_escapes_dict.keys())) 57 _js_escapes_re = re.sub(r'[\\\\\-\]]', r'\\\g<0>', _js_escapes_re) # escape \-] 58 _js_escapes_re = '[' + _js_escapes_re + ']' 59 _js_escapes_re = re.compile(_js_escapes_re) 60 55 61 def escapejs(value): 56 62 """Hex encodes characters for use in JavaScript strings.""" 57 for bad, good in _js_escapes: 58 value = mark_safe(force_unicode(value).replace(bad, good)) 59 return value 63 return mark_safe(_js_escapes_re.sub(lambda m: _js_escapes_dict[m.group(0)], 64 force_unicode(value))) 60 65 escapejs = allow_lazy(escapejs, unicode) 61 66 62 67 def conditional_escape(html):
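Review bot: The replacement values in `_js_escapes_dict` change from four-digit `\u` escapes to two-digit `\x` escapes, which are legal in a JavaScript string literal but not in a JSON string, so escapejs output handed to a strict JSON parser would be rejected. No such caller is visible in this hunk, so that needs confirming against the template and view code. If the shorter form is kept, say so in the docstring, e.g. `"""Hex encodes characters for use in JavaScript string literals (two-digit hex escapes; the result is not valid JSON)."""`. Otherwise keep the `\u` values (`'\\u%04X' % z` in the loop) together with the new single-pass regex. Separately, the hand-written escaping on the `re.sub(r'[\\\\\-\]]', ...)` line lists the backslash twice and only covers `\`, `-` and `]`, whereas `'[%s]' % u''.join(re.escape(k) for k in sorted(_js_escapes_dict))` would stay correct if a key such as `^` is added later.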