| field | value | date |
|---|---|---|
| author | Jon Ribbens <jribbens@gmail.com> | 2023-05-25 16:39:15 +0100 |
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2023-07-03 13:55:31 +0200 |
| commit | e54f711d4287b3ea57026a02b48ab7e28ca6dcc1 | |
| tree | 63134a0da8a44b1e6b8aa835ae53cd7df7b15270 /docs/ref | |
| parent | 047844270bd5cfc4a2716146616970ac1407d2a2 | |
[4.2.x] Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.
Backport of adfb3dfa89b62ee0c838a64d3d480c03dd3ec869 from main
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/templates/builtins.txt | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index bee78073a2..9d6bc57a92 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -1865,18 +1865,19 @@ For example, you can apply ``escape`` to fields when :ttag:`autoescape` is off: ``escapejs`` ------------ -Escapes characters for use in JavaScript strings. This does *not* make the -string safe for use in HTML or JavaScript template literals, but does protect -you from syntax errors when using templates to generate JavaScript/JSON. +Escapes characters for use as a whole JavaScript string literal, within single +or double quotes, as below. This filter does not make the string safe for use +in *"JavaScript template literals"* (the JavaScript backtick syntax). Any other +uses not listed above are not supported. It is generally recommended that data +should be passed using HTML ``data-`` attributes, or the :tfilter:`json_script` +filter, rather than in embedded JavaScript. For example: .. code-block:: html+django - {{ value|escapejs }} - -If ``value`` is ``"testing\r\njavascript 'string\" <b>escaping</b>"``, -the output will be ``"testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E"``. + <script> + let myValue = '{{ value|escapejs }}' .. templatefilter:: filesizeformat |
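Review bot: the new example under ".. code-block:: html+django" opens a <script> element and never closes it, and it shows only the single-quoted form although the added text says "within single or double quotes". Please add the closing </script> and either a double-quoted line or a sentence saying both quote styles behave the same. The hunk also deletes the sample input and its output (the "\\u003Cb\\u003Eescaping\\u003C/b\\u003E" line), which was the only place a reader could see that "<", ">" and both quote characters come out as \uXXXX escapes; that is the property that makes the quoted-string usage hold inside a script element, so I would keep that sentence beneath the new example rather than drop it. Finally, "as below" is followed one sentence later by "Any other uses not listed above", and *"JavaScript template literals"* carries both emphasis and quotation marks: pick one direction ("above" or "below") and one form of markup.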
