changeset 1144:9ab81e421631

Use dumps() for json escaping
author Sam Toyer <samATqxcvDOTnet>
date Fri, 09 Dec 2011 11:16:16 +1000
parents 088b3356ef01
children 5421be737643
files MoinMoin/templates/modify_text.html MoinMoin/themes/__init__.py
diffstat 2 files changed, 8 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/templates/modify_text.html	Thu Dec 08 15:32:24 2011 +1000
+++ b/MoinMoin/templates/modify_text.html	Fri Dec 09 11:16:16 2011 +1000
@@ -5,11 +5,11 @@
 {% block subitem_navigation %}
     {% if subitems %}
         {% call(fullname, shortname, contenttype, has_children) utils.render_subitem_navigation(subitems) %}
-            {% set shortname = shortname|js_string_escape %}
-            {% set fullname = fullname|js_string_escape %}
-            <button class="link-action" onclick="linkSubitem('{{ shortname }}', '{{ fullname }}')"
+            {% set shortname = shortname|json_dumps %}
+            {% set fullname = fullname|json_dumps %}
+            <button class="link-action" onclick='linkSubitem({{ shortname }}, {{ fullname }})'
                 title="{{ _('Link to Subitem') }}">{{ _('Link') }}</button>
-            <button class="transclude-action" onclick="transcludeSubitem('{{ shortname }}', '{{ fullname }}')"
+            <button class="transclude-action" onclick='transcludeSubitem({{ shortname }}, {{ fullname }})'
                 title="{{ _('Transclude Subitem') }}">{{ _('Transclude') }}</button>
         {% endcall %}
     {% endif %}
--- a/MoinMoin/themes/__init__.py	Thu Dec 08 15:32:24 2011 +1000
+++ b/MoinMoin/themes/__init__.py	Fri Dec 09 11:16:16 2011 +1000
@@ -10,6 +10,7 @@
 
 import urllib
 
+from json import dumps
 from operator import itemgetter
 
 from flask import current_app as app
@@ -337,7 +338,7 @@
         result['email'] = email
     return result
 
-def js_string_escape(data):
+def json_dumps(data):
     """
     Escape the given string so it is safe to use as a Javscript string
 
@@ -345,7 +346,7 @@
     :rtype: str
     :returns: Javascript escaped version
     """
-    return data.replace("\\", r"\\").replace("'", r"\'").replace('"', r'\"')
+    return dumps(data)
 
 def shorten_item_name(name, length=25):
     """
@@ -420,7 +421,7 @@
     app.jinja_env.filters['shorten_item_name'] = shorten_item_name
     app.jinja_env.filters['shorten_id'] = shorten_id
     app.jinja_env.filters['contenttype_to_class'] = contenttype_to_class
-    app.jinja_env.filters['js_string_escape'] = js_string_escape
+    app.jinja_env.filters['json_dumps'] = json_dumps
     # please note that these filters are installed by flask-babel:
     # datetimeformat, dateformat, timeformat, timedeltaformat