#4131: addslashes isn't sufficient to protect literal strings in embedded JavaScript code
------------------------------------------------------+---------------------
   Reporter:  Ned Batchelder <[EMAIL PROTECTED]>  |                Owner:  nobody
     Status:  new                                     |            Component:  Template system
    Version:  SVN                                     |           Resolution:
   Keywords:                                          |                Stage:  Design decision needed
  Has_patch:  1                                       |           Needs_docs:  0
Needs_tests:  0                                       |   Needs_better_patch:  0
------------------------------------------------------+---------------------
Changes (by durdinator):

  * needs_tests:  1 => 0

Comment:

 `addslashes` as it stands is useful for things other than JavaScript,
 which may not accept `\/`, `\n`; CSV for example (see
 http://www.djangoproject.com/documentation/outputting_csv/ for a prominent
 example).

 I'm attaching a patch which adds this code as a new filter "escapejs",
 along with docs and tests.

 Also, I question the removal in Jeremy's patch of carriage returns, so
 they're being converted to `\r`.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/4131#comment:12>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
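
The distinction drawn in the comment above, as an added illustration (not the attached patch and not Django's own code): a quotes-and-backslashes escaper next to a JavaScript-specific one that also emits `\/`, `\n` and `\r`. The names `addslashes_like`, `js_string_escape` and `breaks_js_literal` and the sample string are assumptions made for this example.

```python
def addslashes_like(value):
    """Escape only backslashes and quotes (addslashes-style behaviour)."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("'", "\\'")


# Hypothetical mapping for this example. The backslash entry must come first
# so that backslashes introduced by later replacements are not escaped again.
_JS_ESCAPES = (
    ("\\", "\\\\"),
    ("'", "\\'"),
    ('"', '\\"'),
    ("/", "\\/"),   # turns "</script>" into "<\/script>"
    ("\n", "\\n"),  # a raw line break ends a quoted JS string literal
    ("\r", "\\r"),  # carriage returns are converted, not removed
)


def js_string_escape(value):
    """Escape text for use inside a quoted JS string in an inline <script>."""
    for raw, escaped in _JS_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def breaks_js_literal(escaped):
    """Check whether escaped text would still end the string literal or the
    enclosing script block: a raw CR/LF, or a '</' sequence, remains."""
    return "\n" in escaped or "\r" in escaped or "</" in escaped


# Constructed sample input: a quote, a slash, a CRLF and a closing script tag.
SAMPLE = "It's 1/2 done\r\nsee </script> tag"

if __name__ == "__main__":
    for name, fn in (("addslashes_like", addslashes_like),
                     ("js_string_escape", js_string_escape)):
        out = fn(SAMPLE)
        print(f"{name:17} unsafe={breaks_js_literal(out)!s:5} {out!r}")
    # Slashes and newlines pass through the first function untouched, which
    # is what a CSV consumer expects; the JS escaper would alter that data.
    print(repr(addslashes_like("a/b\nc")), repr(js_string_escape("a/b\nc")))
```

The first function leaves the line break and `</script>` in place, so its output is not safe inside an inline script, while the second function's `\/` and `\n` sequences would corrupt data for formats such as CSV that do not interpret them.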