#36737: Escape C1 control sequence in `escapejs`
---------------------------------+----------------------------------------
Reporter: Thibaut Decombe | Owner: farthestmage
Type: Bug | Status: assigned
Component: Template system | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
---------------------------------+----------------------------------------
Changes (by Jacob Walls):
* needs_better_patch: 0 => 1
* needs_tests: 0 => 1
* owner: (none) => farthestmage
* stage: Unreviewed => Accepted
* status: new => assigned
* type: Cleanup/optimization => Bug
Comment:
Okay, I think this is right.
The [https://html.spec.whatwg.org/multipage/parsing.html HTML parsing
standard] describes the parsing error `control-character-in-input-stream`
like this:
> This error occurs if the input stream contains a control code point that
> is not ASCII whitespace or U+0000 NULL. Such code points are parsed as-is
> and usually, where parsing rules don't apply any additional restrictions,
> make their way into the DOM.
[https://infra.spec.whatwg.org/#control control] is defined here:
> A control is a C0 control or a code point in the range U+007F DELETE to
> U+009F APPLICATION PROGRAM COMMAND, inclusive.
The C1 control range is `U+0080 – U+009F`, so the additional characters
that need escaping are C1 control characters plus `U+007F DELETE` (which
is apparently sometimes grouped with C0 controls).
See also [https://www.w3.org/TR/2021/NOTE-html53-20210128/syntax.html#preprocessing-the-input-stream HTML spec]
PR doesn't escape `U+007F DELETE` and needs tests.
--
Ticket URL: <https://code.djangoproject.com/ticket/36737#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
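
An added example, not part of the ticket and not Django's `escapejs` code: a small audit that compares an escape table against the Infra definition of a control quoted in the comment. The three tables and all function names are hypothetical, and the sample string is constructed.

```python
# Added illustration; the tables below are hypothetical, not Django's own.

C0_CONTROLS = range(0x00, 0x20)   # U+0000..U+001F
C1_CONTROLS = range(0x80, 0xA0)   # U+0080..U+009F
DELETE = 0x7F                     # U+007F DELETE, between C0 and C1


def infra_controls():
    """Code points the Infra standard calls a control: C0 plus U+007F..U+009F."""
    return set(C0_CONTROLS) | {DELETE} | set(C1_CONTROLS)


def build_table(code_points):
    """Map each code point to a \\uXXXX escape, in the form str.translate() takes."""
    return {cp: "\\u%04X" % cp for cp in code_points}


def unescaped_controls(table):
    """Return, sorted, the controls a translate table would pass through as-is."""
    return sorted(infra_controls() - set(table))


# Three coverage levels discussed in the comment.
C0_ONLY_TABLE = build_table(C0_CONTROLS)
C0_PLUS_C1_TABLE = build_table(list(C0_CONTROLS) + list(C1_CONTROLS))
FULL_TABLE = build_table(infra_controls())


def escape_controls(value, table=FULL_TABLE):
    """Escape control code points in value using the given table."""
    return value.translate(table)


if __name__ == "__main__":
    sample = "a\x1b\x7f\x85\x9fb"  # constructed: ESC, DELETE, NEL, APC
    for name, table in [("C0 only", C0_ONLY_TABLE),
                        ("C0 + C1", C0_PLUS_C1_TABLE),
                        ("full", FULL_TABLE)]:
        gap = ["U+%04X" % cp for cp in unescaped_controls(table)]
        print(name, "misses", len(gap), "controls:", gap)
        print("  ", ascii(escape_controls(sample, table)))
```

A test built on `unescaped_controls()` fails when a table stops at C1 and leaves `U+007F` out.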