Opened 97 minutes ago
#36737 new Cleanup/optimization
Escape C1 control sequence in `escapejs`
| Reported by: | Thibaut Decombe | Owned by: | |
|---|---|---|---|
| Component: | Template system | Version: | 5.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Thibaut Decombe | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
The current implementation of the escapejshttps://github.com/django/django/blob/5c60763561c67924eff1069e1516b60a59d068d5/django/utils/html.py#L79-L80 escapes only C0 control characters (unicode values ranging from 0 to 31)
However, there are other control characters in the 127-159 range, the C1 control characters.
See https://en.wikipedia.org/wiki/C0_and_C1_control_codes#C1_controls
Should we escape these too ?
The rust helper char.is_control https://doc.rust-lang.org/src/core/char/methods.rs.html#952 consider both these ranges and we were considering using it in django_rusty_templates
I'll be happy to provide a PR if it make sense
Note:
See TracTickets
for help on using tickets.