Home > mailing lists

Re: [pgsql-www] escapes in submitted docs comments - Mailing list pgsql-www

From	Daniel Gustafsson
Subject	Re: [pgsql-www] escapes in submitted docs comments
Date	February 15, 2017 16:08:43
Msg-id	3CA6670D-F069-4A4C-A12A-560A20447A4E@yesql.se Whole thread Raw
In response to	[pgsql-www] escapes in submitted docs comments (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: [pgsql-www] escapes in submitted docs comments (Alvaro Herrera <alvherre@2ndquadrant.com>)
List	pgsql-www

Tree view

> On 02 Feb 2017, at 22:47, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>
> The docs comments coming in through pgsql-docs look like this:
>
> select instr('010000101001001','1',-1) from dual
>
> Can the escaping be fixed?

AFAIU with Django, to avoid the escaping the form content would have to be
marked safe which seems..  unsafe.  Given the nature of SQL and the comments we
get, perhaps the simple approach is to just replace the unicode quote since it
will be quite common?  Something along the lines of the (untested) diff below?

--- a/pgweb/docs/views.py
+++ b/pgweb/docs/views.py
@@ -130,7 +130,7 @@ def commentform(request, itemid, version, filename):
'docs/docsbugmail.txt',{                                       'version': version,
'filename': filename, 
-                                       'details': form.cleaned_data['details'],
+                                       'details': form.cleaned_data['details'].replace(''', "'"),
            },                               usergenerated=True,                       ) 
cheers ./daniel

pgsql-www by date:

From: Daniel Gustafsson
Date: 15 February 2017, 14:20:12
Subject: [pgsql-www] Remove left-over mention of Alpha releases

From: Alvaro Herrera
Date: 15 February 2017, 17:52:01
Subject: Re: [pgsql-www] escapes in submitted docs comments

Re: [pgsql-www] escapes in submitted docs comments - Mailing list pgsql-www

Previous

Next