#17719 closed Cleanup/optimization (fixed)
Document that template syntax sequences cannot be used as string literals
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Documentation | Version: | 1.3 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Django template parsing (Lexer) looks for the first occurrence of %} after a {% when determining what a block tag is. This prevents the use of "%}" as a string literal. So a template syntax error will be raised for the following valid expressions:
{% include "template.html" tvar="Some string literal with %} in it." %}
{% with tvar="Some string literal with %} in it." %}{% endwith %}
This is also true for variable tag parsing. Example:
{{ some.variable|default:"}}" }}
If this is expected/intended behavior, it doesn't appear to be documented anywhere.
The actual fix doesn't look trivial, but shouldn't be too bad. I could help with a fix if there's interest in that.
Attachments (1)
Change History (6)
follow-up: 2 comment:1 by , 13 years ago
| Component: | Template system → Documentation |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:2 by , 13 years ago
Replying to lrekucki:
I don't think it's possible to fix this without either an API change or adding some escape sequence (which could also be backwards incompatible). There is one place this is documented: https://docs.djangoproject.com/en/dev/ref/templates/builtins/#templatetag. It doesn't explicitly mention string literals, but OTOH there is no strict concept of string literals in the docs. Maybe add a section about them here, between Variables and Filters. This could also include this edge case.
The documentation for templatetag states: "to display one of the bits used in template tags". This is definitely misleading if its supposed to cover this issue because the string literal need not be displayed anywhere. It could for instance just be a string literal passed to a custom template tag for other purposes.
Thinking about it more, its worse than I thought. You're right, the fix would need to be pretty drastic. The crux of the issue is that Lexer (and Parser) doesn't know about string literals. But because tag contents can be anything, the Lexer wouldn't know how to parse them. I think the best solution is a documentation update for now.
comment:3 by , 10 years ago
| Has patch: | set |
|---|---|
| Summary: | Improper parsing of template block and variable tags → Document that template syntax sequences cannot be used as string literals |
| Type: | Bug → Cleanup/optimization |
by , 10 years ago
| Attachment: | 17719.diff added |
|---|
comment:4 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
I don't think it's possible to fix this without either an API change or adding some escape sequence (which could also be backwards incompatible). There is one place this is documented: https://docs.djangoproject.com/en/dev/ref/templates/builtins/#templatetag. It doesn't explicitly mention string literals, but OTOH there is no strict concept of string literals in the docs. Maybe add a section about them here, between Variables and Filters. This could also include this edge case.