Fixed #4131: added an "escapejs" filter for use in JavaScript strings…

…, and updated the documentation on addslashes to point to the new ticket. Featuring contributions from Ned Batchelder, Jeremy Dunck, and Andy Durdin.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6892 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit b65fce659502ac5e211d13fbd5435e1ff6c703d2 1 parent 76b73ce
Jacob Kaplan-Moss authored December 04, 2007
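--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@@ -43,7 +43,11 @@ def _dec(*args, **kwargs):
 
 
 def addslashes(value):
-    """Adds slashes - useful for passing strings to JavaScript, for example."""
+    """
+    Adds slashes before quotes. Useful for escaping strings in CSV, for
+    example. Less useful for escaping JavaScript; use the ``escapejs``
+    filter instead.
+    """
     return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")
 addslashes.is_safe = True
 addslashes = stringfilter(addslashes)
@@ -54,6 +58,25 @@ def capfirst(value):
 capfirst.is_safe=True
 capfirst = stringfilter(capfirst)
 
+_js_escapes = (
+    ('\\', '\\\\'),
+    ('"', '\\"'),
+    ("'", "\\'"),
+    ('\n', '\\n'),
+    ('\r', '\\r'),
+    ('\b', '\\b'),
+    ('\f', '\\f'),
+    ('\t', '\\t'),
+    ('\v', '\\v'),
+    ('</', '<\\/'),
+)
+def escapejs(value):
+    """Backslash-escapes characters for use in JavaScript strings."""
+    for bad, good in _js_escapes:
+        value = value.replace(bad, good)
+    return value
+escapejs = stringfilter(escapejs)
+
 def fix_ampersands(value):
     """Replaces ampersands with ``&amp;`` entities."""
     from django.utils.html import fix_ampersands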
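Review bot: `_js_escapes` leaves U+2028 and U+2029 untouched, and both are line terminators inside a JavaScript string literal (before ES2019), so a value containing either still produces the syntax error this filter is documented to prevent; adding `(u'\u2028', u'\\u2028'),` and `(u'\u2029', u'\\u2029'),` to the tuple would close that gap. `<`, `>` and `&` also pass through except in the `</` pair, so output placed in an inline script block or an event-handler attribute still relies on the surrounding HTML context being handled separately, as the new docs section says; emitting them as `\u003C`, `\u003E` and `\u0026` would keep the literal inert there too. The backslash pair being first is what stops the backslashes inserted by later pairs from being doubled, and a comment above the tuple such as `# Backslash must stay first: later pairs insert backslashes.` would protect that from reordering. The doctests added in tests/regressiontests/defaultfilters/tests.py cover none of these cases, nor a backslash directly followed by a quote, which would pin the ordering.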
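--- a/docs/templates.txt
+++ b/docs/templates.txt
@@ -1227,8 +1227,10 @@ Adds the arg to the value.
 addslashes
 ~~~~~~~~~~
 
-Adds slashes. Useful for passing strings to JavaScript, for example.
+Adds slashes before quotes. Useful for escaping strings in CSV, for example.
 
+**New in Django development version**: for escaping data in JavaScript strings,
+use the `escapejs` filter instead.
 
 capfirst
 ~~~~~~~~
@@ -1302,6 +1304,15 @@ applied to the result will only result in one round of escaping being done. So
 it is safe to use this function even in auto-escaping environments. If you want
 multiple escaping passes to be applied, use the ``force_escape`` filter.
 
+escapejs
+~~~~~~~~
+
+**New in Django development version**
+
+Escapes characters for use in JavaScript strings. This does *not* make the
+string safe for use in HTML, but does protect you from syntax errors when using
+templates to generate JavaScript/JSON.
+
 filesizeformat
 ~~~~~~~~~~~~~~
 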
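--- a/tests/regressiontests/defaultfilters/tests.py
+++ b/tests/regressiontests/defaultfilters/tests.py
@@ -49,6 +49,18 @@
 >>> capfirst(u'hello world')
 u'Hello world'
 
+>>> escapejs(u'"double quotes" and \'single quotes\'')
+u'\\"double quotes\\" and \\\'single quotes\\\''
+
+>>> escapejs(ur'\ : backslashes, too')
+u'\\\\ : backslashes, too'
+
+>>> escapejs(u'and lots of whitespace: \r\n\t\v\f\b')
+u'and lots of whitespace: \\r\\n\\t\\v\\f\\b'
+
+>>> escapejs(ur'<script>and this</script>')
+u'<script>and this<\\/script>'
+
 >>> fix_ampersands(u'Jack & Jill & Jeroboam')
 u'Jack &amp; Jill &amp; Jeroboam'
 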
