Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#2657 closed defect (fixed)

[patch] Add carriage return quote in django.utils.text.javascript_quote

Reported by: Alex Dedul
Owned by: Adrian Holovaty
Component: Core (Other)
Version:
Severity: normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


\r should also be quoted; at least Firefox interprets it as a new line and this breaks JavaScript. The patch is trivial:

Index: django/utils/
--- django/utils/    (revision 3722)
+++ django/utils/    (working copy)
@@ -104,6 +104,7 @@
     elif type(s) != unicode:
         raise TypeError, s
     s = s.replace('\\', '\\\\')
+    s = s.replace('\r', '\\r')
     s = s.replace('\n', '\\n')
     s = s.replace('\t', '\\t')
     s = s.replace("'", "\\'")
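
Review bot: no test accompanies the added `s = s.replace('\r', '\\r')` line, and the chain still escapes line terminators one character at a time. The function only accepts unicode input (`type(s) != unicode` raises), and U+2028 and U+2029 are also line terminators in JavaScript source (allowed raw inside string literals only since ES2019), so they still pass through unescaped. Suggest adding a test that a string containing `\r` comes out with the two characters `\r`, and escaping both separators in the same place. The position after the backslash replacement is correct: placed before it, the backslash this line emits would be doubled.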

Attachments (1)

javascript_quote.patch (886 bytes) - added by Alex Dedul 13 years ago.


Change History (4)

comment:1 Changed 13 years ago by Alex Dedul

And one more: double quotes should also be quoted, as &quot;, like this:

    s = s.replace('"', '&quot;')

comment:2 Changed 13 years ago by Alex Dedul

About double quotes: there could be 2 cases. When JavaScript is embedded in a tag's attribute, like <a onclick="js_func(...)">, double quotes should be quoted, and when it appears in <script></script> or in a separate file there is no need to quote. Django now uses the latter in i18n, so double quotes can be ignored, but javascript_quote can be made to work for both cases, which will allow apps with case N1 to utilize it, and maybe Django itself in the future. The proposed final patch is attached.

Changed 13 years ago by Alex Dedul

Attachment: javascript_quote.patch added

comment:3 Changed 13 years ago by Malcolm Tredinnick

Resolution: fixed
Status: new → closed

(In [3782]) Fixed #2657 -- Made some tweaks to Javascript quoting. Thanks, Alex Dedul.
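
The two cases from comment:2 and the `\r` failure from the report, as an added Python 3 example that is not part of the ticket or of Django's code. The names `js_quote`, `quote_before_patch`, `breaks_literal` and the `quote_double_quotes` parameter are hypothetical, and the U+2028/U+2029 handling goes beyond what the ticket covers.

```python
import re

# Replacements for a single-quoted JavaScript string literal. One regex pass
# means an emitted backslash is never escaped a second time.
_ESCAPES = {
    "\\": "\\\\",
    "\r": "\\r",   # the character this ticket adds
    "\n": "\\n",
    "\t": "\\t",
    "'": "\\'",
    "\u2028": "\\u2028",  # beyond the ticket: line terminators before ES2019
    "\u2029": "\\u2029",
}
_PATTERN = re.compile(r"[\\\r\n\t'\u2028\u2029]")


def js_quote(s, quote_double_quotes=False):
    """Escape s for the body of a '...' JavaScript literal (hypothetical helper).

    quote_double_quotes=True covers the first case in comment:2: the script
    sits in a double-quoted HTML attribute, so '"' is written as &quot;.
    """
    if not isinstance(s, str):
        raise TypeError(s)
    out = _PATTERN.sub(lambda m: _ESCAPES[m.group(0)], s)
    return out.replace('"', "&quot;") if quote_double_quotes else out


def quote_before_patch(s):
    """The replacement chain from the hunk's context lines, without '\\r'."""
    for raw, esc in (("\\", "\\\\"), ("\n", "\\n"), ("\t", "\\t"), ("'", "\\'")):
        s = s.replace(raw, esc)
    return s


def breaks_literal(body):
    """True if body, placed between '...', ends or splits the literal."""
    i = 0
    while i < len(body):
        if body[i] == "\\":
            i += 2  # a backslash consumes the character after it
            continue
        if body[i] in "'\r\n\u2028\u2029":
            return True
        i += 1
    return False
```

`breaks_literal` only models the string-literal context; it does not check the surrounding HTML.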
