#2986: JavaScript (dismissAddAnotherPopup) problem in TextField with newline
characters
-------------------------------------------+--------------------------------
Reporter: anonymous | Owner: nobody
Status: reopened | Milestone:
Component: django.contrib.admin | Version: SVN
Resolution: | Keywords: easy-picking
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 1 |
-------------------------------------------+--------------------------------
Changes (by mtredinnick):
* keywords: => easy-picking
* needs_better_patch: 0 => 1
* stage: Ready for checkin => Accepted
Comment:
I don't like changing the content like this (removing newlines). Partly
because it leaves us open to other kinds of injection attacks as well. We
have an escapejs filter in the template tags. Let's pull out the
functionality from that into django/utils/html.py and call that to escape
the string before putting it into Javascript. The reason I want to pull it
out is so that Python code calls pure Python, not a template tag (the
template tag can call the python function in django/utils/html.py as
well). It's mostly just a namespacing issue, but it keeps things
consistent with escape() and the escape filter.
--
Ticket URL: <http://code.djangoproject.com/ticket/2986#comment:7>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
