Opened 11 years ago

Closed 11 years ago

#5980 closed (fixed)

FilterExpression does not properly respect escaped quotes

Reported by: Dmitri Fedortchenko <zeraien@…> Owned by: nobody
Component: Template system Version: master
Severity: Keywords: filter quote escape
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


FilterExpression does not treat escaped quotes in constant strings properly, unless they are filter arguments.

Consider this:

{{ _("This is an \"object\"")|filter:"Some\"thing\"" }} 

{{ "This is an \"object\""|filter:"Some\"thing\"" }} 

The translation will be run as

gettext('This is an \"object\"')

and thus fail, and the constant will be printed as

This is an \"object\"

The filter argument on the other hand is properly treated and the escape char is removed from the quotes.

The code below leads me to believe that this is an oversight and not a feature:

Filter arguments are processed here:

                if i18n_arg:
                    args.append((False, _(i18n_arg.replace(r'\"', '"'))))
                elif constant_arg is not None:
                    args.append((False, constant_arg.replace(r'\"', '"')))

and the main string of this expression is processed here:

                if i18n_constant:
                    var = '"%s"' % _(i18n_constant)
                elif constant:
                    var = '"%s"' % constant

This is in the constructor of django.template.FilterExpression. Escaped quotes in filter arguments are be treated, but not escaped quotes in the main string of this expression.

A tiny patch addresses this issue.

Attachments (1)

filterexperssion_quote_escaping.diff (813 bytes) - added by Dmitri Fedortchenko <zeraien@…> 11 years ago.

Download all attachments as: .zip

Change History (2)

Changed 11 years ago by Dmitri Fedortchenko <zeraien@…>

comment:1 Changed 11 years ago by Malcolm Tredinnick

Resolution: fixed
Status: newclosed

Fixed in [6724].

Note: See TracTickets for help on using tickets.
Back to Top