> On 02 Feb 2017, at 22:47, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>
> The docs comments coming in through pgsql-docs look like this:
>
> select instr('010000101001001','1',-1) from dual
>
> Can the escaping be fixed?
AFAIU with Django, to avoid the escaping the form content would have to be
marked safe which seems.. unsafe. Given the nature of SQL and the comments we
get, perhaps the simple approach is to just replace the unicode quote since it
will be quite common? Something along the lines of the (untested) diff below?
--- a/pgweb/docs/views.py
+++ b/pgweb/docs/views.py
@@ -130,7 +130,7 @@ def commentform(request, itemid, version, filename):
'docs/docsbugmail.txt',{ 'version': version,
'filename': filename,
- 'details': form.cleaned_data['details'],
+ 'details': form.cleaned_data['details'].replace(''', "'"),
}, usergenerated=True, )
cheers ./daniel