Index: tests/regressiontests/admin_views/tests.py
===================================================================
--- tests/regressiontests/admin_views/tests.py (revision 16344)
+++ tests/regressiontests/admin_views/tests.py (working copy)
@@ -134,7 +134,7 @@
response = self.client.post('/test_admin/%s/admin_views/article/add/' % self.urlbit, post_data)
self.failUnlessEqual(response.status_code, 200)
self.assertContains(response, 'dismissAddAnotherPopup')
- self.assertContains(response, 'title with a new\u000Aline')
+ self.assertContains(response, 'title with a new\\x0Aline')
# Post data for edit inline
inline_post_data = {
Index: tests/regressiontests/defaultfilters/tests.py
===================================================================
--- tests/regressiontests/defaultfilters/tests.py (revision 16344)
+++ tests/regressiontests/defaultfilters/tests.py (working copy)
@@ -74,13 +74,13 @@
def test_escapejs(self):
self.assertEqual(escapejs(u'"double quotes" and \'single quotes\''),
- u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027')
+ u'\\x22double quotes\\x22 and \\x27single quotes\\x27')
self.assertEqual(escapejs(ur'\ : backslashes, too'),
- u'\\u005C : backslashes, too')
+ u'\\x5C : backslashes, too')
self.assertEqual(escapejs(u'and lots of whitespace: \r\n\t\v\f\b'),
- u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008')
+ u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08')
self.assertEqual(escapejs(ur''),
- u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E')
+ u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E')
self.assertEqual(
escapejs(u'paragraph separator:\u2029and line separator:\u2028'),
u'paragraph separator:\\u2029and line separator:\\u2028')
Index: tests/regressiontests/templates/filters.py
===================================================================
--- tests/regressiontests/templates/filters.py (revision 16344)
+++ tests/regressiontests/templates/filters.py (working copy)
@@ -299,8 +299,8 @@
'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You > me'),
'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You > me'),
- 'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),
- 'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),
+ 'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
+ 'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" escaping'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
# length filter.
Index: tests/regressiontests/utils/html.py
===================================================================
--- tests/regressiontests/utils/html.py (revision 16344)
+++ tests/regressiontests/utils/html.py (working copy)
@@ -113,10 +113,10 @@
def test_escapejs(self):
f = html.escapejs
items = (
- (u'"double quotes" and \'single quotes\'', u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027'),
- (ur'\ : backslashes, too', u'\\u005C : backslashes, too'),
- (u'and lots of whitespace: \r\n\t\v\f\b', u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008'),
- (ur'', u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E'),
+ (u'"double quotes" and \'single quotes\'', u'\\x22double quotes\\x22 and \\x27single quotes\\x27'),
+ (ur'\ : backslashes, too', u'\\x5C : backslashes, too'),
+ (u'and lots of whitespace: \r\n\t\v\f\b', u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08'),
+ (ur'', u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E'),
(u'paragraph separator:\u2029and line separator:\u2028', u'paragraph separator:\\u2029and line separator:\\u2028'),
)
for value, output in items:
Index: django/utils/html.py
===================================================================
--- django/utils/html.py (revision 16344)
+++ django/utils/html.py (working copy)
@@ -34,29 +34,34 @@
return mark_safe(force_unicode(html).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", '''))
escape = allow_lazy(escape, unicode)
-_base_js_escapes = (
- ('\\', r'\u005C'),
- ('\'', r'\u0027'),
- ('"', r'\u0022'),
- ('>', r'\u003E'),
- ('<', r'\u003C'),
- ('&', r'\u0026'),
- ('=', r'\u003D'),
- ('-', r'\u002D'),
- (';', r'\u003B'),
- (u'\u2028', r'\u2028'),
- (u'\u2029', r'\u2029')
-)
+_js_escapes_dict = {
+ '\\': r'\x5C',
+ '\'': r'\x27',
+ '"': r'\x22',
+ '>': r'\x3E',
+ '<': r'\x3C',
+ '&': r'\x26',
+ '=': r'\x3D',
+ '-': r'\x2D',
+ ';': r'\x3B',
+ u'\u2028': r'\u2028',
+ u'\u2029': r'\u2029',
+}
-# Escape every ASCII character with a value less than 32.
-_js_escapes = (_base_js_escapes +
- tuple([('%c' % z, '\\u%04X' % z) for z in range(32)]))
+# also escape every ASCII character with a value less than 32.
+for z in range(32):
+ _js_escapes_dict[chr(z)] = '\\x%02X' % z
+# construct a Regex object matching the keys in _js_escapes_dict
+_js_escapes_re = u''.join(sorted(_js_escapes_dict.keys()))
+_js_escapes_re = re.sub(r'[\\\\\-\]]', r'\\\g<0>', _js_escapes_re) # escape \-]
+_js_escapes_re = '[' + _js_escapes_re + ']'
+_js_escapes_re = re.compile(_js_escapes_re)
+
def escapejs(value):
"""Hex encodes characters for use in JavaScript strings."""
- for bad, good in _js_escapes:
- value = mark_safe(force_unicode(value).replace(bad, good))
- return value
+ return mark_safe(_js_escapes_re.sub(lambda m: _js_escapes_dict[m.group(0)],
+ force_unicode(value)))
escapejs = allow_lazy(escapejs, unicode)
def conditional_escape(html):