Fixed json escaping in the tutorial. (django#1398)

mark_safe is not safe in a JS context!
shjohnson-pi · Jan 4, 2020 · ab2b75f · ab2b75f
1 parent 56bb2b9
commit ab2b75f
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/docs/tutorial/part_2.rst b/docs/tutorial/part_2.rst
@@ -38,7 +38,7 @@ Create the view template for the room view in ``chat/templates/chat/room.html``:
         <input id="chat-message-submit" type="button" value="Send"/>
     </body>
     <script>
-        var roomName = {{ room_name_json }};
+        var roomName = {{ room_name|escapejs }};
 
         var chatSocket = new WebSocket(
             'ws://' + window.location.host +
@@ -73,20 +73,17 @@ Create the view template for the room view in ``chat/templates/chat/room.html``:
     </script>
     </html>
 
-Create the view function for the room view in ``chat/views.py``.
-Add the imports of ``mark_safe`` and ``json`` and add the ``room`` view function::
+Create the view function for the room view in ``chat/views.py``::
 
     # chat/views.py
     from django.shortcuts import render
-    from django.utils.safestring import mark_safe
-    import json
 
     def index(request):
         return render(request, 'chat/index.html', {})
 
     def room(request, room_name):
         return render(request, 'chat/room.html', {
-            'room_name_json': mark_safe(json.dumps(room_name))
+            'room_name': room_name
         })
 
 Create the route for the room view in ``chat/urls.py``::