Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#30 JavaScript string escapes are unescaped

closed
nobody
PSP (7)
5
2003-02-11
2002-12-18
Fazal Majid
No

If I take the following PSP:

<html>
<script language="JavaScript">
var foo = "hello, world\n";
...
</script>
...
</html>

The backslash in the JavaScript \n literal is not
escaped in the Python string embedded in the servlet
(unlike the double quote), and is expanded by Python
when the servlet is called, thus breaking the
JavaScript, with the following result:

<html>
<script language="JavaScript">
var foo = "hello, world
";
...
</script>
...
</html>

Discussion

  • Fazal Majid
    Fazal Majid
    2002-12-18

    Logged In: YES
    user_id=110477

    The following patch seems to do the trick for me. I don't
    see any harmful side-effects (where would there be literal
    \n, \r or \t in HTML code apart from JavaScript?), but I
    might be missing something.

    *** Generators.py~ Thu Mar 14 06:50:28 2002
    --- Generators.py Tue Dec 17 20:19:41 2002
    ***************
    *** 88,93 ****
    --- 88,96 ----
    #self.chars = string.replace(self.chars,'\t','\\\\t')
    #self.chars = string.replace(self.chars, "'", "\\'")
    self.chars = string.replace(self.chars,'"',r'\"')
    + self.chars = string.replace(self.chars,r'\n',r'\\n')
    + self.chars = string.replace(self.chars,r'\t',r'\\t')
    + self.chars = string.replace(self.chars,r'\r',r'\\r')
    self.generateChunk(writer)

    def generateChunk\(self, writer, start=0, stop=None\):
    
     
  • Fazal Majid
    Fazal Majid
    2002-12-18

    Logged In: YES
    user_id=110477

    I forgot to add the \\ JavaScript literal, the patch should
    read:

    *** Generators.py.dist Wed Dec 18 11:04:27 2002
    --- Generators.py Wed Dec 18 11:04:56 2002
    ***************
    *** 87,93 ****
    --- 87,97 ----
    #self.chars = string.replace(self.chars,'"','\\"')
    #self.chars = string.replace(self.chars,'\t','\\\\t')
    #self.chars = string.replace(self.chars, "'", "\\'")
    + self.chars = string.replace(self.chars,r'\\',r'\\\\')
    self.chars = string.replace(self.chars,'"',r'\"')
    + self.chars = string.replace(self.chars,r'\n',r'\\n')
    + self.chars = string.replace(self.chars,r'\t',r'\\t')
    + self.chars = string.replace(self.chars,r'\r',r'\\r')
    self.generateChunk(writer)

    def generateChunk\(self, writer, start=0, stop=None\):
    

    Note the order is important - you don't want the escaped \ in \n -> \\n to be re-escaped into \\\\n...

     
    • status: open --> closed
     
  • Logged In: YES
    user_id=326269

    This should be fixed in release 0.8