1
0
mirror of https://github.com/django/django.git synced 2025-01-18 06:12:23 +00:00

Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.

This commit is contained in:
Jon Ribbens 2023-05-25 16:39:15 +01:00 committed by Mariusz Felisiak
parent 075e9c0a4d
commit adfb3dfa89
2 changed files with 9 additions and 7 deletions

View File

@ -1877,18 +1877,19 @@ For example, you can apply ``escape`` to fields when :ttag:`autoescape` is off:
``escapejs``
------------
Escapes characters for use in JavaScript strings. This does *not* make the
string safe for use in HTML or JavaScript template literals, but does protect
you from syntax errors when using templates to generate JavaScript/JSON.
Escapes characters for use as a whole JavaScript string literal, within single
or double quotes, as below. This filter does not make the string safe for use
in *"JavaScript template literals"* (the JavaScript backtick syntax). Any other
uses not listed above are not supported. It is generally recommended that data
should be passed using HTML ``data-`` attributes, or the :tfilter:`json_script`
filter, rather than in embedded JavaScript.
For example:
.. code-block:: html+django
{{ value|escapejs }}
If ``value`` is ``"testing\r\njavascript 'string\" <b>escaping</b>"``,
the output will be ``"testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E"``.
<script>
let myValue = '{{ value|escapejs }}'
.. templatefilter:: escapeseq

View File

@ -40,6 +40,7 @@ backends
backport
backported
backports
backtick
backtraces
balancer
basename