Automatically escape text in components

2026-06-02 16:09:39 +02:00
parent 66ec8e1eed
commit ad47684dc1
2 changed files with 27 additions and 8 deletions
+3 -4
@@ -8,6 +8,7 @@ from django.template import TemplateDoesNotExist
from django.template.defaultfilters import floatformat
from django.template.loader import render_to_string
from django.urls import reverse
from django.utils.html import conditional_escape
from django.utils.safestring import SafeText, mark_safe
from common.utils import truncate
@@ -47,13 +48,11 @@ def Component(
raise ValueError("One of template or tag_name is required.")
if isinstance(children, str):
children = [children]
childrenBlob = "\n".join(children)
childrenBlob = "\n".join(conditional_escape(child) for child in children)
if len(attributes) == 0:
attributesBlob = ""
else:
attributesList = [f'{name}="{value}"' for name, value in attributes]
# make attribute list into a string
# and insert space between tag and attribute list
attributesList = [f'{name}="{conditional_escape(str(value))}"' for name, value in attributes]
attributesBlob = f" {' '.join(attributesList)}"
tag: str = ""
if tag_name != "":
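Review bot: Attribute names are still interpolated unescaped in the new `attributesList` comprehension; only `value` passes through `conditional_escape`, so a `name` containing whitespace, `=`, `>` or a quote can still alter the tag's markup. Escaping would not turn an arbitrary string into a valid attribute name, so I would reject bad names before building the list, for example `if not re.fullmatch(r"[A-Za-z_:][-A-Za-z0-9_:.]*", name): raise ValueError(f"Invalid attribute name: {name!r}")` (this needs `import re`). Note also that `conditional_escape` leaves `SafeText` untouched, so any child or value already marked safe is trusted as-is, and escaping does nothing about URL schemes in `href`/`src` values; a short comment above the comprehension saying that callers must never `mark_safe` request-derived data would document that contract. `Component` starts before and continues past this hunk, so whether `tag_name` is validated elsewhere cannot be seen from here.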