#4131: [patch] addslashes isn't sufficient to protect literal strings in embedded JavaScript code
------------------------------------------------------+---------------------
   Reporter:  Ned Batchelder <[EMAIL PROTECTED]>       |        Owner:  adrian
     Status:  new                                      |    Component:  Template system
    Version:  SVN                                      |   Resolution:
   Keywords:                                           |        Stage:  Unreviewed
  Has_patch:  0                                        |   Needs_docs:  0
Needs_tests:  0                                        |   Needs_better_patch:  0
------------------------------------------------------+---------------------
Changes (by Collin Grady <[EMAIL PROTECTED]>):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
But should this really be in addslashes? It's a pretty specific edge-case,
and may not be desirable anywhere else - e.g. non-Javascript strings.
Seems like a custom filter made to escape </script> would be better, IMO :)
--
Ticket URL: <http://code.djangoproject.com/ticket/4131#comment:1>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
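
Added example, not part of the ticket or of Django's code: it shows why quote escaping alone leaves a string literal inside a <script> block open to early termination by </script>, and what a narrow filter of the kind suggested in the comment would change. The addslashes function here is a reimplementation for illustration; escape_script_close, render, start_tags and SAMPLE are hypothetical names, and the sample value is constructed.

```python
from html.parser import HTMLParser


def addslashes(value):
    # Reimplementation for illustration: backslash-escape \, " and '.
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("'", "\\'")


def escape_script_close(value):
    # Hypothetical custom filter. To JavaScript "<\/" is the same text as "</",
    # but the HTML parser no longer finds an end tag inside the literal.
    return value.replace("</", "<\\/")


def render(value, *filters):
    # Apply the filters in order, then embed the result in a JS string literal.
    for f in filters:
        value = f(value)
    return "<script>var title = '%s';</script>" % value


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser recognises as markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(html):
    parser = _TagCollector()
    parser.feed(html)
    parser.close()
    return parser.tags


# Constructed sample value, standing in for user-supplied template data.
SAMPLE = "Ned's page </script><b>constructed</b>"

if __name__ == "__main__":
    # Quote is escaped, yet the parser leaves the script block and sees <b>.
    print(start_tags(render(SAMPLE, addslashes)))
    # With the extra filter the whole value stays inside the script element.
    print(start_tags(render(SAMPLE, addslashes, escape_script_close)))
```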