From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | pgsql-www(at)postgresql(dot)org |
Subject: | Re: escapes in submitted docs comments |
Date: | 2017-02-15 10:08:43 |
Message-ID: | 3CA6670D-F069-4A4C-A12A-560A20447A4E@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
> On 02 Feb 2017, at 22:47, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
>
> The docs comments coming in through pgsql-docs look like this:
>
> select instr('010000101001001','1',-1) from dual
>
> Can the escaping be fixed?
AFAIU with Django, to avoid the escaping the form content would have to be
marked safe which seems.. unsafe. Given the nature of SQL and the comments we
get, perhaps the simple approach is to just replace the unicode quote since it
will be quite common? Something along the lines of the (untested) diff below?
--- a/pgweb/docs/views.py
+++ b/pgweb/docs/views.py
@@ -130,7 +130,7 @@ def commentform(request, itemid, version, filename):
'docs/docsbugmail.txt', {
'version': version,
'filename': filename,
- 'details': form.cleaned_data['details'],
+ 'details': form.cleaned_data['details'].replace(''', "'"),
},
usergenerated=True,
)
cheers ./daniel
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2017-02-15 11:52:01 | Re: escapes in submitted docs comments |
Previous Message | Daniel Gustafsson | 2017-02-15 08:20:12 | Remove left-over mention of Alpha releases |