Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#2456 closed defect (fixed)

[patch] addslashes filter doesn't escape backslashes

Reported by: tom@…
Owned by: Adrian Holovaty
Component: Template system
Version:
Severity: major
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

addslashes filter doesn't escape backslashes. This is important when you want to pass a string that contains backslashes to a JavaScript template.

Here's a patch:

Index: django/template/defaultfilters.py
===================================================================
--- django/template/defaultfilters.py   (revision 3496)
+++ django/template/defaultfilters.py   (working copy)
@@ -15,7 +15,7 @@
 
 def addslashes(value):
     "Adds slashes - useful for passing strings to JavaScript, for example."
-    return value.replace('"', '\\"').replace("'", "\\'")
+    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")
 
 def capfirst(value):
     "Capitalizes the first character of the value"
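
Review bot: The order of the chained replace calls on the `+` line is load-bearing and nothing in the hunk records that. The backslash replacement has to run first, otherwise the backslashes inserted for `"` and `'` would themselves be doubled; a one-line comment above the return would guard against a later reordering. The docstring still says only "Adds slashes" and should mention that backslashes are now escaped too. The hunk also carries no regression test: a string ending in a backslash and one containing both a backslash and a quote would cover the change.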

Change History (4)

comment:1 Changed 10 years ago by anonymous

Component: Admin interface → Template system

comment:2 Changed 10 years ago by anonymous

Summary: addslashes filter doesn't escape backslashes → [patch] addslashes filter doesn't escape backslashes

comment:3 Changed 10 years ago by anonymous

Severity: normal → major

Does nobody want to fix this bug, which is a major bug IMHO? It's very easy to fix it.

comment:4 Changed 10 years ago by Malcolm Tredinnick

Resolution: fixed
Status: new → closed

(In [3799]) Fixed #2456 -- Added backslash escaping to addslashes, which is necessary once
you start escaping other things. Thanks, tom@….
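
The round-trip failure this ticket fixes, as an added example that is not part of the ticket or of Django's code: the first two functions reproduce the `-` and `+` lines of the patch, while `addslashes_reordered`, `read_js_string`, `round_trips` and the sample strings are constructed for illustration. The reader is a simplification that treats a backslash as making the next character literal.

```python
# Added illustration; names other than the two replace chains are hypothetical.

def addslashes_before(value):
    # The "-" line of the patch: quotes only.
    return value.replace('"', '\\"').replace("'", "\\'")

def addslashes_after(value):
    # The "+" line of the patch: backslashes first, then quotes.
    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")

def addslashes_reordered(value):
    # Hypothetical variant with the backslash step last, to show why order matters.
    return value.replace('"', '\\"').replace("'", "\\'").replace('\\', '\\\\')

def read_js_string(source):
    """Simplified reader for a single-quoted JavaScript string literal.

    Assumption: a backslash makes the next character literal, which is true
    for the escapes used here but ignores sequences such as \\n or \\x41.
    Returns (decoded_text, index_of_closing_quote or None if unterminated).
    """
    if not source.startswith("'"):
        raise ValueError("expected a single-quoted literal")
    out, i = [], 1
    while i < len(source):
        ch = source[i]
        if ch == '\\' and i + 1 < len(source):
            out.append(source[i + 1])
            i += 2
        elif ch == "'":
            return ''.join(out), i
        else:
            out.append(ch)
            i += 1
    return ''.join(out), None

def round_trips(escape, value):
    # True only if the literal closes at its own final quote and decodes to value.
    literal = "'" + escape(value) + "'"
    decoded, closed_at = read_js_string(literal)
    return decoded == value and closed_at == len(literal) - 1

# Constructed sample inputs.
SAMPLES = ["it's", 'C:\\dir', 'path\\']

if __name__ == "__main__":
    for name, fn in [("before", addslashes_before), ("after", addslashes_after),
                     ("reordered", addslashes_reordered)]:
        print(name, [round_trips(fn, s) for s in SAMPLES])
```

Only the patched ordering round-trips all three samples; the pre-patch chain loses or misreads the backslash, and the reordered chain breaks the quote escape it has just added.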
