[4.2.x] Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.

Backport of adfb3dfa89b62ee0c838a64d3d480c03dd3ec869 from main
2025-01-26 18:19:18 +00:00 · 2023-05-25 16:39:15 +01:00 · 2023-05-25 16:39:15 +01:00 · e54f711d42
commit e54f711d42
parent 047844270b
2 changed files with 9 additions and 7 deletions
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@ -1865,18 +1865,19 @@ For example, you can apply ``escape`` to fields when :ttag:`autoescape` is off:
 ``escapejs``
 ------------

-Escapes characters for use in JavaScript strings. This does *not* make the
-string safe for use in HTML or JavaScript template literals, but does protect
-you from syntax errors when using templates to generate JavaScript/JSON.
+Escapes characters for use as a whole JavaScript string literal, within single
+or double quotes, as below. This filter does not make the string safe for use
+in *"JavaScript template literals"* (the JavaScript backtick syntax). Any other
+uses not listed above are not supported. It is generally recommended that data
+should be passed using HTML ``data-`` attributes, or the :tfilter:`json_script`
+filter, rather than in embedded JavaScript.

 For example:

 .. code-block:: html+django

-    {{ value|escapejs }}
-
-If ``value`` is ``"testing\r\njavascript 'string\" <b>escaping</b>"``,
-the output will be ``"testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E"``.
+    <script>
+    let myValue = '{{ value|escapejs }}'

 .. templatefilter:: filesizeformat

--- a/docs/spelling_wordlist
+++ b/docs/spelling_wordlist
@ -40,6 +40,7 @@ backends
 backport
 backported
 backports
+backtick
 backtraces
 balancer
 basename