> On Jan 2, 4:43 pm, Malcolm Tredinnick <[EMAIL PROTECTED]>
> wrote:
>
>
>
> > On Wed, 2008-01-02 at 15:38 -0800, grahamu wrote:
> > > Hi,
> > > I'm having a problem with Django "HTML escaping" JSON data sent in
> > > response to an asynchronous form submission when the form has an
> > > <input type="file" ...> field. Forms that don't have a file field
> > > yield proper responses, and when Javascript is disabled on the browser
> > > normal form submissions work as well.
>
> > > I'm using the Yahoo User Interface library, specifically the Dialog &
> > > Connection Manager components, to send and receive asynchronous
> > > messages to/from my view.
>
> > > As an example, the JSON response seen by the javascript might be:
>
> > > "<pre>{\"valid\": false, \"errors\": {\"options\": \"<ul class=\
> > > \"errorlist\\"><li>This field is required.<\/li><\/
> > > ul>\"}}</pre>"
>
> > > when it should be:
>
> > > "{\"valid\": false, \"errors\": {\"options\": \"<ul class=\
> > > \"errorlist\\"><li>This field is required.<\/li><\/ul>\"}}"
>
> > > You can see that the Django system encapsulates the entire response in
> > > <pre></pre> tags. Additionally, the underlying error message HTML is
> > > also escaped.
>
> > > Does anyone know why this escaping might be happening? Can you suggest
> > > how I might avoid the escaping of the response?
>
> > Both the "why" and the "how" are documented in docs/templates_python.txt
> > in the source. The short answer is that any time a variable is rendered
> > into a template auto-escaping is applied. If you don't want this to
> > happen, you can mark the particular variable as safe from further
> > escaping using either mark_safe() in your view (probably the best
> > approach -- marking it safe as soon as you know that fact) or in the
> > template with the "safe" filter ({{ some_var|safe }}) or wrap an entire
> > section of the template within the {% autoescape off %} ... {%
> > endautoescape %} template tag.
>
> > Regards,
> > Malcolm
>
> > --
> > A conclusion is the place where you got tired of
> > thinking.http://www.pointy-stick.com/blog/
>
> Malcom,
> Thanks for your speedy response. I don't believe this is a template
> issue as I'm returning a JSON response and not rendering to a
> template.
>
> The view code logic:
>
> if not form.is_valid():
> return JSONFormErrors(form)
> else:
> # return some other data
>
> and:
>
> def JSONFormErrors(form):
> errors = form.errors
> response_dict = {}
> response_dict.update({'valid': not errors})
> response_dict.update({'errors': errors})
> return JsonResponse(response_dict)
>
> class JsonResponse(HttpResponse):
> def __init__(self, data):
> HttpResponse.__init__(self, json_encode(data),
> mimetype='application/javascript')
>
> json_encode is a version of Wolfgang Kriesing's encoder (http://
> dpaste.com/hold/25654/).
Just to be clear, the encoding problem _does not_ occur when the form
does not have an <input type="file"> field. Form errors are returned
in the JSON string in perfect form, no HTML escaping happens. And the
view logic (code path) is identical whether or not a file input field
is present in the form.
Graham
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
