5 1. autoescape 'html' |escape('js')
7 {% autoescape 'html' %}
8 <a onclick="alert("{{ msg|escape('js') }}")"></a>
11 2. autoescape 'html' |escape('js')
13 {% autoescape 'html' %}
14 <a onclick="alert("{{ msg|escape('js') }}")"></a>
17 3. autoescape 'js' |escape('js')
20 <a onclick="alert("{{ msg|escape('js') }}")"></a>
25 {% autoescape false %}
26 <a onclick="alert("{{ msg }}")"></a>
29 5. |escape('js')|escape('html')
31 {% autoescape false %}
32 <a onclick="alert("{{ msg|escape('js')|escape('html') }}")"></a>
35 6. autoescape 'html' |escape('js')|escape('html')
37 {% autoescape 'html' %}
38 <a onclick="alert("{{ msg|escape('js')|escape('html') }}")"></a>
42 return array('msg' => "<>\n'\"")
45 1. autoescape 'html' |escape('js')
47 <a onclick="alert("\x3C\x3E\x0A\x27\x22")"></a>
49 2. autoescape 'html' |escape('js')
51 <a onclick="alert("\x3C\x3E\x0A\x27\x22")"></a>
53 3. autoescape 'js' |escape('js')
55 <a onclick="alert("\x3C\x3E\x0A\x27\x22")"></a>
59 <a onclick="alert("<>
62 5. |escape('js')|escape('html')
64 <a onclick="alert("\x3C\x3E\x0A\x27\x22")"></a>
66 6. autoescape 'html' |escape('js')|escape('html')
68 <a onclick="alert("\x3C\x3E\x0A\x27\x22")"></a>