Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

django escape tag not escaping single quotation marks

I am using django 1.7.

When a user enters single and/or double quotation marks as part of their input, the form displaying their entered data is broken.

So I used django's escape tag, which should deal with this very easily.

However, the escape tag is only escaping the double quotation marks. The single quotation marks are not being escaped and are breaking the test form.

Here is an example of my code:

{{ field|escape }}

Does anyone know how to overcome this issue.

EDIT

Here is my form field template code (form_fields.html):

<div id="row_{{ field.auto_id }}" class="form-group {% if field.errors %}error{% endif %} {% if hide_row %}hidden{% endif %}">
    <label for="{{ field.auto_id }}" class="control-label {{ field.css_classes }}">
        {{ field.label }}{% if field.label %}:{% endif %}
    </label>
    <div class="controls {{ control_classes }}">
        {{ field|escape }}
        {% if field.errors %}
            <span class="help-inline">
                <strong>
                    {% for e in field.errors %}
                        {{ e }}<br/>
                    {% endfor %}
                </strong>
            </span>
        {% endif %}
        {% if field.help_text %}
            <p class="help-block">
                {{ field.help_text }}
            </p>
        {% endif %}
    </div>
</div>

And here is the form template field code:

{% load form_fields %}
....
{% form_field form.name_details_prefix_title %}
like image 914
user1261774 Avatar asked Oct 10 '15 22:10

user1261774


1 Answers

I ultimately tracked th error to a js issue.

I used the following tag to solve the issue:

{{ field|escapejs }}

Hope that this helps some one.

like image 124
user1261774 Avatar answered Sep 24 '22 19:09

user1261774