Monday, January 22, 2018

Django escapes a string partially

Hi there!

I have a problem with escaping an error.
I have this unicode in python(2.7) which isn't escaped well in a span element:
u"'NoneType' object has no attribute 'rfind'"
The template is defined as follows:
<span id="status_{{ v.vid }}" {% if v.should_display_error_popover %}
      data-content={{ v.error_msg }} data-trigger="hover" rel="popover"
      data-original-title="Error Title" {% endif %}
      class="label extra-label label-pill label-{{ v.show_class | safe }}">
{{ v.get_human_status }}</span>

where v.error_msg is the string above. It should be noted that all other attributes works just fine

I wrapped the template in 
{% autoescape on %}
...template content...
{% endautoescape %}

Then I tried using the escape/force_escape tag on the problematic string:
{{ v.error_msg | force_escape }}

Nothing works, the output is only escaped once:
data-content="'NoneType'" object has not attribute &#39;rfind&#39;
Which causes the resulting popover to show only with the message 'NoneType'.
What am I doing wrong? Why isn't the string properly escaped?

I'm using Djagno 1.5.11, but this syntax was defined well before version 1.5.11, so I don't think it's a version issue.
It's a minor issue but it's driving me mad.

Thanks,
Ron

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/94b82a29-4036-48eb-b339-e3068bac5e0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment