I am trying to pass two dates to a javascript datepicker so that the picker can display the current dates held in the record that is about to be updated using UpdateView.
I understand that simply passing the variables via a template tag of, say: {{ form.check_in.value }} is vulnerable to XSS, so I want to do this in a secure way.
The best way seems to be via def get_context_data() where I have the following code:
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['guest'] = GuestLead.objects.get(pk=self.object.guest_lead_id.pk)
context['dates'] = json.dumps({'check_in': '2022-09-01', 'check_out': '2022-09-10'})
and then the template tag would look like:
´´´
{{ dates|json_script:“check_in” }}
´´
Which renders as this:
<script id="check_in" type="application/json">"{\"check_in\": \"2022-09-01\", \"check_out\": \"2022-09-10\"}"</script>
What I need to know is how I can access the date records so that I can make the get_context_data, context[‘dates’] = json.dumps({‘check_in’: ‘2022-09-01’, ‘check_out’: ‘2022-09-10’}) reflect the database record values before they are updated.
I would rather not make another wasteful query as the data must be available in the self.object.
Maybe I’m on the wrong track?