gwthm.in

Reputation: 638

Django | Auto Escape On / Off | Single Quotes | JSON

I have an address field in a form. I'm sending that form to the web server after converting it to JSON. Unexpectedly, when a user enters the text 'X' Road in the address field, it is escaped using \. I saved that info in the database and then send it back to the client.

jresp = '{% autoescape on%}{{jresp}}{% endautoescape %}';

But unfortunately the escape characters are not present here. The tag closes when it encounters the text 'X Road'.

Here is the snippet...

jresp = 
'{"data":  
    {"alt_mobile": "7396623933", "father": "Janaiah", "gender": true, "surname": "Boddu", 
     "mobile": "9010101046", "religion": "Hindu", "mother": "Parvathi", 
     "address": "Khammam 'X' Road, Road No: 5", "dob": "14 July, 1995", 
     "cast": "Bc - B", "lastname": "Sai ", "temp_address": "Hyderabad", 
     "firstname": "Gowtham", "mother_maiden_name": "Mothukuri"}, 
     "rollno": "12261A0109", "academics": 
                                     {"mtech_pref": 2, "abckl_total": 0, 
                                      "aieeerank": 44978, "engg_t_agg": 69.32, 
                                      "job_pref": 1, "sem4_total": 750, "sem1_pbckl": 0, 
                                      "verify": false, "sem7_pbckl": 0, 
                                      "x2class_year_of_pass": 2012, "sem2_abckl": 0, 
                                      "x2class_board": "BIEAP", "sem8_marks": 0, 
                                      "xclass_total": 700, "sem3_total": 750,  
                                      "x2class_t_agg": 89.8, "ms_pref": 3, "sem5_abckl": null,  
                                      "sem4_marks": 515, "x2class_total": 1000, "sem2_marks": 545,  
                                      "sem6_pbckl": 0, "sem3_pbckl": 0, "evaluation_test": false,  
                                      "sem5_pbckl": null, "pbckl_history": true, "sem6_total": 0,  
                                      "is_icse": false, "is_inter": true,  
                                      "abckl_history": false, "sem8_pbckl": 0, "comp_xclass_t_agg": 3,  
                                      "is_ssc": false, "sem1_total": 1000, "x2class_name": "CVR",  
                                      "x2class_marks": 898, "branch": 1, "sem6_abckl": 0,  
                                      "xclass_t_agg": 89.71, "sem1_abckl": 0, "pbckl_total": 0,  
                                      "xclass_name": "SVVN", "sem8_total": 0, "xclass_marks": 628,  
                                      "sem4_abckl": 0, "sem2_pbckl": 0, "mba_pref": 4,  
                                      "sem7_marks": 0, "sem6_marks": 0, "xclass_year_of_pass": 2010,  
                                      "sem7_abckl": 0, "sem2_total": 750, "sem7_total": 0,  
                                      "comp_x2class_t_agg": 3, "sem4_pbckl": 0,  
                                      "comp_engg_t_agg": 2, "sem1_marks": 693, "is_isce": null,  
                                      "sem3_marks": 500, "sem3_abckl": 0, "sem5_marks": null,  
                                      "xclass_board": "SSC", "task_reg": false, "cetrank": 23592,  
                                      "sem8_abckl": 0, "sem5_total": null}}';

It is not supposed to raise the error, but I get an error in the console!


Questions:
How to resolve the issue?
What exactly is causing the issue?

Upvotes: 1

Views: 1506

Answers (1)

aumo

Reputation: 5574

The autoescape tag escapes special HTML characters (< and >), not single quotes.

If you want to escape single quotes, you can write a custom template filter.

For example:

from django import template


register = template.Library()


@register.filter
def escape_single_quotes(string):
    # The two backslashes are interpreted as a single one
    # because the backslash is the escaping character.
    return string.replace("'", "\\'")

If you do not wish to use a template filter, what you can do is this:

{# Note the type is not "text/javascript" so the browser does not try to interpret the content. #}
<script id="jresp" type="application/json">{{ jresp }}</script>
<script>
  var jsresp = document.getElementById('jresp').innerHTML;
</script>

This second solution is better practice because you are not rendering the JS with Django which means it can be moved to an external file.

Upvotes: 2
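An added example, not part of the original question or answer: it shows where the single-quoted JavaScript literal from the question ends when the data contains `'`, and one way to serialize the data so it is inert inside a `<script type="application/json">` element. The function names and the sample values are assumptions made for illustration; the substitutions are the ones Django's built-in `json_script` filter (Django 2.1 and later) applies, written here with the standard library only.

```python
import json

# Substitutions Django's json_script filter applies to JSON text so that it
# cannot close the <script> element or begin an HTML entity or comment.
SCRIPT_ESCAPES = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}


def first_unescaped_quote(text, quote="'"):
    """Index where a JS string literal opened with `quote` would end, or -1."""
    i = 0
    while i < len(text):
        if text[i] == "\\":  # a backslash escapes the next character
            i += 2
            continue
        if text[i] == quote:
            return i
        i += 1
    return -1


def script_safe_json(value):
    """Serialize value to JSON that is inert inside a <script> element."""
    return json.dumps(value).translate(SCRIPT_ESCAPES)


def render_json_script(value, element_id):
    """Build a data-only script element (element_id must be a trusted constant)."""
    return '<script id="{}" type="application/json">{}</script>'.format(
        element_id, script_safe_json(value)
    )


# Constructed sample: the question's address, plus a value containing markup.
SAMPLE = {
    "address": "Khammam 'X' Road, Road No: 5",
    "temp_address": "</script><b>Hyderabad</b> & Co",
}

if __name__ == "__main__":
    raw = json.dumps(SAMPLE)
    cut = first_unescaped_quote(raw)
    print("A JS literal '...' around the raw JSON would end after:", raw[:cut])
    print(render_json_script(SAMPLE, "jresp"))
```

On the client, read the data with `JSON.parse(document.getElementById('jresp').textContent)`, which needs no quoting of the payload in JavaScript source at all.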
