> On Jan 2, 4:43 pm, Malcolm Tredinnick <[EMAIL PROTECTED]> > wrote: > > > > > On Wed, 2008-01-02 at 15:38 -0800, grahamu wrote: > > > Hi, > > > I'm having a problem with Django "HTML escaping" JSON data sent in > > > response to an asynchronous form submission when the form has an > > > <input type="file" ...> field. Forms that don't have a file field > > > yield proper responses, and when Javascript is disabled on the browser > > > normal form submissions work as well. > > > > I'm using the Yahoo User Interface library, specifically the Dialog & > > > Connection Manager components, to send and receive asynchronous > > > messages to/from my view. > > > > As an example, the JSON response seen by the javascript might be: > > > > "<pre>{\"valid\": false, \"errors\": {\"options\": \"<ul class=\ > > > \"errorlist\\"><li>This field is required.<\/li><\/ > > > ul>\"}}</pre>" > > > > when it should be: > > > > "{\"valid\": false, \"errors\": {\"options\": \"<ul class=\ > > > \"errorlist\\"><li>This field is required.<\/li><\/ul>\"}}" > > > > You can see that the Django system encapsulates the entire response in > > > <pre></pre> tags. Additionally, the underlying error message HTML is > > > also escaped. > > > > Does anyone know why this escaping might be happening? Can you suggest > > > how I might avoid the escaping of the response? > > > Both the "why" and the "how" are documented in docs/templates_python.txt > > in the source. The short answer is that any time a variable is rendered > > into a template auto-escaping is applied. If you don't want this to > > happen, you can mark the particular variable as safe from further > > escaping using either mark_safe() in your view (probably the best > > approach -- marking it safe as soon as you know that fact) or in the > > template with the "safe" filter ({{ some_var|safe }}) or wrap an entire > > section of the template within the {% autoescape off %} ... {% > > endautoescape %} template tag. > > > Regards, > > Malcolm > > > -- > > A conclusion is the place where you got tired of > > thinking.http://www.pointy-stick.com/blog/ > > Malcom, > Thanks for your speedy response. I don't believe this is a template > issue as I'm returning a JSON response and not rendering to a > template. > > The view code logic: > > if not form.is_valid(): > return JSONFormErrors(form) > else: > # return some other data > > and: > > def JSONFormErrors(form): > errors = form.errors > response_dict = {} > response_dict.update({'valid': not errors}) > response_dict.update({'errors': errors}) > return JsonResponse(response_dict) > > class JsonResponse(HttpResponse): > def __init__(self, data): > HttpResponse.__init__(self, json_encode(data), > mimetype='application/javascript') > > json_encode is a version of Wolfgang Kriesing's encoder (http:// > dpaste.com/hold/25654/).
Just to be clear, the encoding problem _does not_ occur when the form does not have an <input type="file"> field. Form errors are returned in the JSON string in perfect form, no HTML escaping happens. And the view logic (code path) is identical whether or not a file input field is present in the form. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---