Fixed #36737 -- Escaped further control characters in escapejs.

author: farthestmage <arnavkamboj511@gmail.com> 2025-11-17 15:56:50 +0530
committer: Jacob Walls <jacobtylerwalls@gmail.com> 2025-11-20 09:35:59 -0500
commit: 07419875685997a30cd281396e0dc867e98aefe3 (patch)
tree: 9956eea25ede3a38472292456b3fa82bb1aa994f /django/utils
parent: 97acd4d2f92eef8c285bac070d437bf0fd52e071 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index 059767d394..68260af337 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -7,6 +7,7 @@ import warnings
 from collections import deque
 from collections.abc import Mapping
 from html.parser import HTMLParser
+from itertools import chain
 from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit
 
 from django.conf import settings
@@ -76,8 +77,11 @@ _js_escapes = {
     ord("\u2029"): "\\u2029",
 }
 
-# Escape every ASCII character with a value less than 32.
-_js_escapes.update((ord("%c" % z), "\\u%04X" % z) for z in range(32))
+# Escape every ASCII character with a value less than 32 (C0), 127(C0),
+# or 128-159(C1).
+_js_escapes.update(
+    (ord("%c" % z), "\\u%04X" % z) for z in chain(range(32), range(0x7F, 0xA0))
+)
 
 
 @keep_lazy(SafeString)
author	farthestmage <arnavkamboj511@gmail.com>	2025-11-17 15:56:50 +0530
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2025-11-20 09:35:59 -0500
commit	07419875685997a30cd281396e0dc867e98aefe3 (patch)
tree	9956eea25ede3a38472292456b3fa82bb1aa994f /django/utils
parent	97acd4d2f92eef8c285bac070d437bf0fd52e071 (diff)