Context Navigation

← Previous Ticket
Next Ticket →

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#2456 closed defect (fixed)

[patch] addslashes filter doesn't escape backslashes

Reported by:	tom@…	Owned by:	Adrian Holovaty
Component:	Template system	Version:
Severity:	major	Keywords:
Cc:		Triage Stage:	Unreviewed
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

addslashes filter doesn't escape backslashes. This is important when you want to pass a string that contains backslashes to a JavaScript template.

Here's a patch:

Index: django/template/defaultfilters.py
===================================================================
--- django/template/defaultfilters.py   (revision 3496)
+++ django/template/defaultfilters.py   (working copy)
@@ -15,7 +15,7 @@
 
 def addslashes(value):
     "Adds slashes - useful for passing strings to JavaScript, for example."
-    return value.replace('"', '\\"').replace("'", "\\'")
+    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")
 
 def capfirst(value):
     "Capitalizes the first character of the value"

Change History (4)

comment:1 by anonymous, 18 years ago

Component:	Admin interface → Template system

comment:2 by anonymous, 18 years ago

Summary:	addslashes filter doesn't escape backslashes → [patch] addslashes filter doesn't escape backslashes

comment:3 by anonymous, 18 years ago

Severity:	normal → major

Does nobody want to fix this bug, which is a major bug IMHO? It's very easy to fix it.

comment:4 by Malcolm Tredinnick, 18 years ago

Resolution:	→ fixed
Status:	new → closed

(In [3799]) Fixed #2456 -- Added backslash escaping to addslashes, which is necessary once
you start escaping other things. Thanks, tom@….

Note: See TracTickets for help on using tickets.

Download in other formats: