Mercurial > hg
changeset 28069:b2d24c2898f9
encoding: backport paranoid escaping from templatefilters.jsonescape()
This was introduced by 55c763926a28. It is required to embed JSON data in
HTML page. Convince yourself here:
http://escape.alf.nu/1
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Sun, 27 Dec 2015 19:58:11 +0900 |
| parents | 9ece901f7a19 |
| children | a504794cee29 |
| files | mercurial/encoding.py |
| diffstat | 1 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/encoding.py Sun Dec 27 19:28:34 2015 +0900 +++ b/mercurial/encoding.py Sun Dec 27 19:58:11 2015 +0900 @@ -391,6 +391,8 @@ _jsonmap[0x0c] = '\\f' _jsonmap[0x0d] = '\\r' _paranoidjsonmap = _jsonmap[:] +_paranoidjsonmap[0x3c] = '\\u003c' # '<' (e.g. escape "</script>") +_paranoidjsonmap[0x3e] = '\\u003e' # '>' _jsonmap.extend(chr(x) for x in xrange(128, 256)) def jsonescape(s, paranoid=False): @@ -419,8 +421,8 @@ >>> jsonescape('') '' - If paranoid, non-ascii characters are also escaped. This is suitable for - web output. + If paranoid, non-ascii and common troublesome characters are also escaped. + This is suitable for web output. >>> jsonescape('escape boundary: \\x7e \\x7f \\xc2\\x80', paranoid=True) 'escape boundary: ~ \\\\u007f \\\\u0080' @@ -430,6 +432,8 @@ 'utf-8: caf\\\\u00e9' >>> jsonescape('non-BMP: \\xf0\\x9d\\x84\\x9e', paranoid=True) 'non-BMP: \\\\ud834\\\\udd1e' + >>> jsonescape('<foo@example.org>', paranoid=True) + '\\\\u003cfoo@example.org\\\\u003e' ''' if paranoid: