-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Escape variables in mkdocs data #5759
Conversation
@@ -1,10 +1,10 @@ | |||
var READTHEDOCS_DATA = {{ data_json|safe }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we not need it here, too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me check. There's a new templatetag in Django 2 for JSON data but we can't use it yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is one in 1.11 https://docs.djangoproject.com/en/1.11/ref/templates/builtins/#escapejs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh, this is a json object I guess?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So the above is not quite right. This is a bit complex so I'm going to spend slightly more time here and try to write a test or two.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh, this is a json object I guess?
Correct. Escapejs doesn't work for this kind of object.
var doc_version = "{{ current_version|escapejs }}"; | ||
var doc_slug = "{{ slug|escapejs }}"; | ||
var page_name = "{{ pagename|escapejs }}"; | ||
var html_theme = "{{ html_theme|escapejs }}"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think "
are inserted by the filter (didn't tested it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading the django code, looks like they don't include "
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure where you're looking but it is included as far as I can tell.
>>> from django.template.defaultfilters import escapejs_filter
>>> escapejs_filter('"')
'\\u0022'
https://github.com/django/django/blob/1.11/django/utils/html.py#L54-L76
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean the "
surrounding the variable. In jinja you just need to put var foo = {{ bar|tojson }}
. Django needs var foo = "{{ bar|escapejs }"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it. Correct. That's different.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
No description provided.