#33405: Documentation for template filter 'escapejs' is extremely unclear
-----------------------------------------+------------------------
Reporter: Jon Ribbens | Owner: nobody
Type: Bug | Status: new
Component: Documentation | Version: 4.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
The documentation says:

    Escapes characters for use in JavaScript strings. This does not make
    the string safe for use in HTML or JavaScript template literals, but does
    protect you from syntax errors when using templates to generate
    JavaScript/JSON.

The first sentence is unclear - JavaScript strings ''where''? Inside `on`
attributes? Inside `<script>` blocks?

The second sentence appears entirely meaningless, in that the second half
seems to contradict the first half. If it doesn't "make the string safe",
what ''does'' it do? If it "protects you from syntax errors" then in what
way is it unsafe, and why?

There needs to be an example of what this filter is supposed to be used
for, and an explanation of in which circumstances it is unsafe.

(Also the documentation may say it "does ''not'' make the string safe" but
the code literally does mark the string safe, so...)

As far as I can see it ought to be safe for use in, e.g.:

    <script>
    const thing = '{{ context_str|escapejs }}'

but I can't tell if the documentation is saying you should do this or you
definitely shouldn't do this (and if not, why not).
--
Ticket URL: <https://code.djangoproject.com/ticket/33405>
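
An added example, not part of the ticket and not Django's own code: a stand-alone Python model of the filter's character mapping (assumed to mirror `django.utils.html.escapejs`) that checks which context-ending sequences survive in a quoted string literal versus a template literal. The names `escapejs_model`, `CONTEXT_BREAKERS`, `breakers_left`, `js_literal_value` and the sample string are constructed for illustration.

```python
import re

# Stand-alone model of the filter's mapping. Assumption: it mirrors
# django.utils.html.escapejs; Django is not imported so this runs offline.
JS_ESCAPES = {ord(c): "\\u%04X" % ord(c) for c in "\\'\"><&=-;`\u2028\u2029"}
JS_ESCAPES.update((z, "\\u%04X" % z) for z in range(32))  # control characters


def escapejs_model(value):
    return str(value).translate(JS_ESCAPES)


# Sequences that end or reopen each embedding context (constructed table).
CONTEXT_BREAKERS = {
    "quoted string in <script>": ["'", '"', "\n", "\r", "\u2028", "\u2029", "</"],
    "template literal in <script>": ["`", "${", "</"],
}


def breakers_left(escaped, context):
    """Return the context-breaking sequences still present after escaping."""
    return [seq for seq in CONTEXT_BREAKERS[context] if seq in escaped]


def js_literal_value(body):
    """String a JS engine would build from a quoted literal with this body.
    Only \\uXXXX escapes can occur, since every raw backslash was escaped."""
    return re.sub(r"\\u([0-9A-Fa-f]{4})",
                  lambda m: chr(int(m.group(1), 16)), body)


# Constructed sample input, standing in for context_str in the ticket.
SAMPLE = "it's </script> \"a\"\nnext ${user.token} `tick` \\ end"
ESCAPED = escapejs_model(SAMPLE)

if __name__ == "__main__":
    print(ESCAPED)
    for ctx in CONTEXT_BREAKERS:
        print(ctx, "->", breakers_left(ESCAPED, ctx) or "nothing survives")
    print("round-trips:", js_literal_value(ESCAPED) == SAMPLE)
```

Under this model the quoted-literal context has no surviving breakers and the value round-trips, while `${` passes through unchanged in the template-literal context, which is consistent with the quoted documentation's warning about template literals.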