Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#2657 closed defect (fixed)

[patch] Add carriage return quote in django.utils.text.javascript_quote

Reported by: Alex Dedul Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


\r should be also quoted, at least firefox interprets it as a new line and this breaks javascript. Patch is trivial

Index: django/utils/
--- django/utils/    (revision 3722)
+++ django/utils/    (working copy)
@@ -104,6 +104,7 @@
     elif type(s) != unicode:
         raise TypeError, s
     s = s.replace('\\', '\\\\')
+    s = s.replace('\r', '\\r')
     s = s.replace('\n', '\\n')
     s = s.replace('\t', '\\t')
     s = s.replace("'", "\\'")

Attachments (1)

javascript_quote.patch (886 bytes) - added by Alex Dedul 9 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 Changed 9 years ago by Alex Dedul

And one more - double quotes should be also quoted as " like this

    s = s.replace('"', '"')

comment:2 Changed 9 years ago by Alex Dedul

About double quotes - there could be 2 cases when javascript is embedded in tag's attribute like <a onclick="js_func(...)"> double quotes should be quoted and when it appears in <script></script> or in separate file there is no need to quote. Django now uses the latter in i18n so double quotes can be ignored, but javascript_quote can be made to work for both cases what will allow apps with case N1 utilize it and maybe django itself in the future. Proposed final patch is in attach.

Changed 9 years ago by Alex Dedul

comment:3 Changed 9 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

(In [3782]) Fixed #2657 -- Made some tweaks to Javascript quoting. Thanks, Alex Dedul.

Note: See TracTickets for help on using tickets.
Back to Top