#2657 closed defect (fixed)
[patch] Add carriage return quote in django.utils.text.javascript_quote
Reported by: | Alex Dedul | Owned by: | Adrian Holovaty |
---|---|---|---|
Component: | Core (Other) | Version: | |
Severity: | normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
\r should be also quoted, at least firefox interprets it as a new line and this breaks javascript. Patch is trivial
Index: django/utils/text.py =================================================================== --- django/utils/text.py (revision 3722) +++ django/utils/text.py (working copy) @@ -104,6 +104,7 @@ elif type(s) != unicode: raise TypeError, s s = s.replace('\\', '\\\\') + s = s.replace('\r', '\\r') s = s.replace('\n', '\\n') s = s.replace('\t', '\\t') s = s.replace("'", "\\'")
Attachments (1)
Change History (4)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
About double quotes - there could be 2 cases when javascript is embedded in tag's attribute like <a onclick="js_func(...)"> double quotes should be quoted and when it appears in <script></script> or in separate file there is no need to quote. Django now uses the latter in i18n so double quotes can be ignored, but javascript_quote can be made to work for both cases what will allow apps with case N1 utilize it and maybe django itself in the future. Proposed final patch is in attach.
by , 18 years ago
Attachment: | javascript_quote.patch added |
---|
comment:3 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
And one more - double quotes should be also quoted as " like this