Opened 13 years ago

Closed 10 years ago

Last modified 10 years ago

#17719 closed Cleanup/optimization (fixed)

Document that template syntax sequences cannot be used as string literals

Reported by: development@… Owned by: nobody
Component: Documentation Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Django template parsing (Lexer) looks for the first occurrence of %} after a {% when determining what a block tag is. This prevents the use of "%}" as a string literal. So a template syntax error will be raised for the following valid expressions:

  {% include "template.html" tvar="Some string literal with %} in it." %}
  {% with tvar="Some string literal with %} in it." %}{% endwith %}

This is also true for variable tag parsing. Example:

  {{ some.variable|default:"}}" }}

If this is expected/intended behavior, it doesn't appear to be documented anywhere.

The actual fix doesn't look trivial, but shouldn't be too bad. I could help with a fix if there's interest in that.

Attachments (1)

17719.diff (1.4 KB ) - added by Tim Graham 10 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 by Łukasz Rekucki, 13 years ago

Component: Template systemDocumentation
Triage Stage: UnreviewedAccepted

I don't think it's possible to fix this without either an API change or adding some escape sequence (which could also be backwards incompatible). There is one place this is documented: https://docs.djangoproject.com/en/dev/ref/templates/builtins/#templatetag. It doesn't explicitly mention string literals, but OTOH there is no strict concept of string literals in the docs. Maybe add a section about them here, between Variables and Filters. This could also include this edge case.

in reply to:  1 comment:2 by Glenn Washburn <development@…>, 13 years ago

Replying to lrekucki:

I don't think it's possible to fix this without either an API change or adding some escape sequence (which could also be backwards incompatible). There is one place this is documented: https://docs.djangoproject.com/en/dev/ref/templates/builtins/#templatetag. It doesn't explicitly mention string literals, but OTOH there is no strict concept of string literals in the docs. Maybe add a section about them here, between Variables and Filters. This could also include this edge case.

The documentation for templatetag states: "to display one of the bits used in template tags". This is definitely misleading if its supposed to cover this issue because the string literal need not be displayed anywhere. It could for instance just be a string literal passed to a custom template tag for other purposes.

Thinking about it more, its worse than I thought. You're right, the fix would need to be pretty drastic. The crux of the issue is that Lexer (and Parser) doesn't know about string literals. But because tag contents can be anything, the Lexer wouldn't know how to parse them. I think the best solution is a documentation update for now.

comment:3 by Tim Graham, 10 years ago

Has patch: set
Summary: Improper parsing of template block and variable tagsDocument that template syntax sequences cannot be used as string literals
Type: BugCleanup/optimization

by Tim Graham, 10 years ago

Attachment: 17719.diff added

comment:4 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: newclosed

In e02f45d5ea767b0028ecf24bb5874992eb3ca7dd:

Fixed #17719 -- Documented that template syntax sequences cannot be used as string literals.

comment:5 by Tim Graham <timograham@…>, 10 years ago

In 34116ad71c5f934fc2702c32a8cd743f36a85479:

[1.7.x] Fixed #17719 -- Documented that template syntax sequences cannot be used as string literals.

Backport of e02f45d5ea from master

Note: See TracTickets for help on using tickets.
Back to Top