#36737: Escape C1 control sequence in `escapejs`
-------------------------------------+-------------------------------------
Reporter: Thibaut Decombe | Type:
| Cleanup/optimization
Status: new | Component: Template
| system
Version: 5.2 | Severity: Normal
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
The current implementation of the
`escapejs`https://github.com/django/django/blob/5c60763561c67924eff1069e1516b60a59d068d5/django/utils/html.py#L79-L80
escapes only C0 control characters (unicode values ranging from 0 to 31)
However, there are other control characters in the 127-159 range, the C1
control characters.
See https://en.wikipedia.org/wiki/C0_and_C1_control_codes#C1_controls
Should we escape these too ?
The rust helper `char.is_control` https://doc.rust-
lang.org/src/core/char/methods.rs.html#952 consider both these ranges and
we were considering using it in django_rusty_templates
I'll be happy to provide a PR if it make sense
--
Ticket URL: <https://code.djangoproject.com/ticket/36737>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019a89b3e0fc-3c11cb73-cab4-415e-86dd-c646b4a5a8ca-000000%40eu-central-1.amazonses.com.
