Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#2456 closed defect (fixed)

[patch] addslashes filter doesn't escape backslashes

Reported by: tom@… Owned by: adrian
Component: Template system Version:
Severity: major Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

addslashes filter doesn't escape backslashes. This is important when you want to pass a string that contains backslashes to a JavaScript template.

Here's a patch:

Index: django/template/defaultfilters.py
===================================================================
--- django/template/defaultfilters.py   (revision 3496)
+++ django/template/defaultfilters.py   (working copy)
@@ -15,7 +15,7 @@
 
 def addslashes(value):
     "Adds slashes - useful for passing strings to JavaScript, for example."
-    return value.replace('"', '\\"').replace("'", "\\'")
+    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")
 
 def capfirst(value):
     "Capitalizes the first character of the value"
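Review bot: On the changed `return` line, the new `.replace('\\', '\\\\')` is only correct because it runs before the two quote replacements; if a later edit moves it to the end of the chain it will double the backslashes that the quote replacements just inserted. Please add a short comment on that line saying the backslash replacement must stay first. The docstring still reads "Adds slashes", so it should now say that backslashes are escaped as well as quotes. The patch carries no test; one input containing both a backslash and a quote, plus one ending in a backslash, would pin the behaviour down.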

Attachments (0)

Change History (4)

comment:1 Changed 8 years ago by anonymous

  • Component changed from Admin interface to Template system

comment:2 Changed 8 years ago by anonymous

  • Summary changed from addslashes filter doesn't escape backslashes to [patch] addslashes filter doesn't escape backslashes

comment:3 Changed 8 years ago by anonymous

  • Severity changed from normal to major

Does nobody want to fix this bug, which is a major bug IMHO? It's very easy to fix it.

comment:4 Changed 8 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

(In [3799]) Fixed #2456 -- Added backslash escaping to addslashes, which is necessary once
you start escaping other things. Thanks, tom@….
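
An added example, not part of the ticket or of Django's code, showing why the backslash has to be escaped, and escaped first. The two `addslashes_*` bodies are the before and after lines of the patch above; `addslashes_wrong_order` and the simplified `js_unescape` reader are hypothetical helpers written for this illustration, and the sample strings are constructed.

```python
# Escapes a JavaScript reader maps to control characters (subset, assumption).
SIMPLE_ESCAPES = {"n": "\n", "t": "\t", "r": "\r"}


def addslashes_before(value):
    # Pre-patch behaviour from the ticket: only quotes are escaped.
    return value.replace('"', '\\"').replace("'", "\\'")


def addslashes_after(value):
    # Patched behaviour: backslashes first, then quotes.
    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")


def addslashes_wrong_order(value):
    # Hypothetical variant: backslashes escaped last, which re-escapes
    # the backslashes that were just added in front of the quotes.
    return value.replace('"', '\\"').replace("'", "\\'").replace('\\', '\\\\')


def js_unescape(body):
    """Read `body` the way a JavaScript string literal would be read.

    Simplified model (assumption): returns the decoded text, or None when
    the literal would not hold the whole body (an unescaped quote ends it
    early, or a trailing backslash consumes the closing quote).
    """
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch in "\"'":
            return None  # unescaped quote: the literal ends here
        if ch == "\\":
            if i + 1 == len(body):
                return None  # dangling backslash escapes the closing quote
            nxt = body[i + 1]
            out.append(SIMPLE_ESCAPES.get(nxt, nxt))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    for sample in ['C:\\new "docs"', 'path\\']:  # constructed inputs
        for fn in (addslashes_before, addslashes_after, addslashes_wrong_order):
            print(fn.__name__, repr(sample), "->", repr(js_unescape(fn(sample))))
```

Only the patched ordering round-trips both samples; the pre-patch filter turns `\n` in the path into a newline and leaves a trailing backslash unescaped.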
