Fixed #4131: added an "escapejs" filter for use in JavaScript strings, and updated the documentation on addslashes to point to the new ticket. Featuring contributions from Ned Batchelder, Jeremy Dunck, and Andy Durdin.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6892 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-26 07:06:08 +00:00 · 2007-12-04 21:08:29 +00:00
parent 76b73ce725
commit b65fce6595
3 changed files with 48 additions and 2 deletions
--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@@ -43,7 +43,11 @@ def stringfilter(func):


 def addslashes(value):
-    """Adds slashes - useful for passing strings to JavaScript, for example."""
+    """
+    Adds slashes before quotes. Useful for escaping strings in CSV, for
+    example. Less useful for escaping JavaScript; use the ``escapejs``
+    filter instead.
+    """
    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")
 addslashes.is_safe = True
 addslashes = stringfilter(addslashes)
@@ -54,6 +58,25 @@ def capfirst(value):
 capfirst.is_safe=True
 capfirst = stringfilter(capfirst)

+_js_escapes = (
+    ('\\', '\\\\'),
+    ('"', '\\"'),
+    ("'", "\\'"),
+    ('\n', '\\n'),
+    ('\r', '\\r'),
+    ('\b', '\\b'),
+    ('\f', '\\f'),
+    ('\t', '\\t'),
+    ('\v', '\\v'),
+    ('</', '<\\/'),
+)
+def escapejs(value):
+    """Backslash-escapes characters for use in JavaScript strings."""
+    for bad, good in _js_escapes:
+        value = value.replace(bad, good)
+    return value
+escapejs = stringfilter(escapejs)
+
 def fix_ampersands(value):
    """Replaces ampersands with ``&amp;`` entities."""
    from django.utils.html import fix_ampersands