Monday, January 22, 2018

Re: Django escapes a string partially

Hi,

You should wrap your  `data-content={{ v.error_msg }}` in quotes, like this: `data-content="{{ v.error_msg }}"`.

Otherwise you'll generate the template as `data-content='NoneType' object has not attribute "rfind"`, which is a valid HTML (data-content will have the string 'NoneType' and the node will have a bunch of tags that it doesn't know what to do with it, so they just sit there: "object", "has", "not", "attribute" and ""rfind"".)

On Mon, Jan 22, 2018 at 1:47 PM, Ron Moran <ron.moran@nielsen.com> wrote:
Hi there!

I have a problem with escaping an error.
I have this unicode in python(2.7) which isn't escaped well in a span element:
u"'NoneType' object has no attribute 'rfind'"
The template is defined as follows:
<span id="status_{{ v.vid }}" {% if v.should_display_error_popover %}
      data-content={{ v.error_msg }} data-trigger="hover" rel="popover"
      data-original-title="Error Title" {% endif %}
      class="label extra-label label-pill label-{{ v.show_class | safe }}">
{{ v.get_human_status }}</span>

where v.error_msg is the string above. It should be noted that all other attributes works just fine

I wrapped the template in 
{% autoescape on %}
...template content...
{% endautoescape %}

Then I tried using the escape/force_escape tag on the problematic string:
{{ v.error_msg | force_escape }}

Nothing works, the output is only escaped once:
data-content="'NoneType'" object has not attribute &#39;rfind&#39;
Which causes the resulting popover to show only with the message 'NoneType'.
What am I doing wrong? Why isn't the string properly escaped?

I'm using Djagno 1.5.11, but this syntax was defined well before version 1.5.11, so I don't think it's a version issue.
It's a minor issue but it's driving me mad.

Thanks,
Ron

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/94b82a29-4036-48eb-b339-e3068bac5e0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Julio Biason, Sofware Engineer
AZION  |  Deliver. Accelerate. Protect.
Office: +55 51 3083 8101  |  Mobile: +55 51 99907 0554

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAEM7gE1J%2BAYqxsxc8MqddUinFndp7teiQVq2WidxTYGpbeb-2Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)