Ticket #5730: widget_escaping.diff

File widget_escaping.diff, 7.9 kB (added by SmileyChris, 1 year ago)

tests/regressiontests/forms/widgets.py

old	new
2	2	tests = r"""
3	3	>>> from django.newforms import *
4	4	>>> from django.newforms.widgets import RadioFieldRenderer
	5	>>> from django.utils.safestring import mark_safe
5	6	>>> import datetime
6	7	>>> import time
7	8	>>> import re
…	…
205	206	u'<textarea rows="10" cols="40" name="msg">value</textarea>'
206	207	>>> w.render('msg', 'some "quoted" & ampersanded value')
207	208	u'<textarea rows="10" cols="40" name="msg">some "quoted" & ampersanded value</textarea>'
	209	>>> w.render('msg', mark_safe('pre "quoted" value'))
	210	u'<textarea rows="10" cols="40" name="msg">pre "quoted" value</textarea>'
208	211	>>> w.render('msg', 'value', attrs={'class': 'pretty', 'rows': 20})
209	212	u'<textarea class="pretty" rows="20" cols="40" name="msg">value</textarea>'
210	213
…	…
375	378	<option value="5">5</option>
376	379	</select>
377	380
	381	# Choices are escaped correctly
	382	>>> print w.render('escape', None, choices=(('bad', 'you & me'), ('good', mark_safe('you > me'))))
	383	<select name="escape">
	384	<option value="1">1</option>
	385	<option value="2">2</option>
	386	<option value="3">3</option>
	387	<option value="bad">you & me</option>
	388	<option value="good">you > me</option>
	389	</select>
	390
	391	# Unicode choices are correctly rendered as HTML
378	392	>>> w.render('email', 'ŠĐĆŽćžšđ', choices=[('ŠĐĆŽćžšđ', 'ŠĐabcĆŽćžšđ'), ('ćžšđ', 'abcćžšđ')])
379	393	u'<select name="email">\n<option value="1">1</option>\n<option value="2">2</option>\n<option value="3">3</option>\n<option value="\u0160\u0110\u0106\u017d\u0107\u017e\u0161\u0111" selected="selected">\u0160\u0110abc\u0106\u017d\u0107\u017e\u0161\u0111</option>\n<option value="\u0107\u017e\u0161\u0111">abc\u0107\u017e\u0161\u0111</option>\n</select>'
380	394
…	…
538	552	<option value="5">5</option>
539	553	</select>
540	554
	555	# Choices are escaped correctly
	556	>>> print w.render('escape', None, choices=(('bad', 'you & me'), ('good', mark_safe('you > me'))))
	557	<select multiple="multiple" name="escape">
	558	<option value="1">1</option>
	559	<option value="2">2</option>
	560	<option value="3">3</option>
	561	<option value="bad">you & me</option>
	562	<option value="good">you > me</option>
	563	</select>
	564
	565	# Unicode choices are correctly rendered as HTML
541	566	>>> w.render('nums', ['ŠĐĆŽćžšđ'], choices=[('ŠĐĆŽćžšđ', 'ŠĐabcĆŽćžšđ'), ('ćžšđ', 'abcćžšđ')])
542	567	u'<select multiple="multiple" name="nums">\n<option value="1">1</option>\n<option value="2">2</option>\n<option value="3">3</option>\n<option value="\u0160\u0110\u0106\u017d\u0107\u017e\u0161\u0111" selected="selected">\u0160\u0110abc\u0106\u017d\u0107\u017e\u0161\u0111</option>\n<option value="\u0107\u017e\u0161\u0111">abc\u0107\u017e\u0161\u0111</option>\n</select>'
543	568
…	…
682	707	...
683	708	IndexError: list index out of range
684	709
	710	# Choices are escaped correctly
	711	>>> w = RadioSelect()
	712	>>> print w.render('escape', None, choices=(('bad', 'you & me'), ('good', mark_safe('you > me'))))
	713	<ul>
	714	<li><label><input type="radio" name="escape" value="bad" /> you & me</label></li>
	715	<li><label><input type="radio" name="escape" value="good" /> you > me</label></li>
	716	</ul>
	717
685	718	# Unicode choices are correctly rendered as HTML
686	719	>>> w = RadioSelect()
687	720	>>> unicode(w.render('email', 'ŠĐĆŽćžšđ', choices=[('ŠĐĆŽćžšđ', 'ŠĐabcĆŽćžšđ'), ('ćžšđ', 'abcćžšđ')]))
…	…
811	844	<li><label><input type="checkbox" name="nums" value="5" /> 5</label></li>
812	845	</ul>
813	846
	847	# Choices are escaped correctly
	848	>>> print w.render('escape', None, choices=(('bad', 'you & me'), ('good', mark_safe('you > me'))))
	849	<ul>
	850	<li><label><input type="checkbox" name="escape" value="1" /> 1</label></li>
	851	<li><label><input type="checkbox" name="escape" value="2" /> 2</label></li>
	852	<li><label><input type="checkbox" name="escape" value="3" /> 3</label></li>
	853	<li><label><input type="checkbox" name="escape" value="bad" /> you & me</label></li>
	854	<li><label><input type="checkbox" name="escape" value="good" /> you > me</label></li>
	855	</ul>
	856
	857	# Unicode choices are correctly rendered as HTML
814	858	>>> w.render('nums', ['ŠĐĆŽćžšđ'], choices=[('ŠĐĆŽćžšđ', 'ŠĐabcĆŽćžšđ'), ('ćžšđ', 'abcćžšđ')])
815	859	u'<ul>\n<li><label><input type="checkbox" name="nums" value="1" /> 1</label></li>\n<li><label><input type="checkbox" name="nums" value="2" /> 2</label></li>\n<li><label><input type="checkbox" name="nums" value="3" /> 3</label></li>\n<li><label><input checked="checked" type="checkbox" name="nums" value="\u0160\u0110\u0106\u017d\u0107\u017e\u0161\u0111" /> \u0160\u0110abc\u0106\u017d\u0107\u017e\u0161\u0111</label></li>\n<li><label><input type="checkbox" name="nums" value="\u0107\u017e\u0161\u0111" /> abc\u0107\u017e\u0161\u0111</label></li>\n</ul>'
816	860

django/newforms/widgets.py

old	new
11	11	from itertools import chain
12	12
13	13	from django.utils.datastructures import MultiValueDict
14		from django.utils.html import escape
	14	from django.utils.html import escape, conditional_escape
15	15	from django.utils.translation import ugettext
16	16	from django.utils.encoding import StrAndUnicode, force_unicode
17	17	from django.utils.safestring import mark_safe
…	…
155	155	value = force_unicode(value)
156	156	final_attrs = self.build_attrs(attrs, name=name)
157	157	return mark_safe(u'<textarea%s>%s</textarea>' % (flatatt(final_attrs),
158		~~escape(value~~)))
	158	conditional_escape(force_unicode(value))))
159	159
160	160	class DateTimeInput(Input):
161	161	input_type = 'text'
…	…
217	217	for option_value, option_label in chain(self.choices, choices):
218	218	option_value = force_unicode(option_value)
219	219	selected_html = (option_value == str_value) and u' selected="selected"' or ''
220		output.append(u'<option value="%s"%s>%s</option>' % (escape(option_value), selected_html, escape(force_unicode(option_label))))
	220	output.append(u'<option value="%s"%s>%s</option>' % (
	221	escape(option_value), selected_html,
	222	conditional_escape(force_unicode(option_label))))
221	223	output.append(u'</select>')
222	224	return mark_safe(u'\n'.join(output))
223	225
…	…
254	256	for option_value, option_label in chain(self.choices, choices):
255	257	option_value = force_unicode(option_value)
256	258	selected_html = (option_value in str_values) and ' selected="selected"' or ''
257		output.append(u'<option value="%s"%s>%s</option>' % (escape(option_value), selected_html, escape(force_unicode(option_label))))
	259	output.append(u'<option value="%s"%s>%s</option>' % (
	260	escape(option_value), selected_html,
	261	conditional_escape(force_unicode(option_label))))
258	262	output.append(u'</select>')
259	263	return mark_safe(u'\n'.join(output))
260	264
…	…
278	282
279	283	def __unicode__(self):
280	284	return mark_safe(u'<label>%s %s</label>' % (self.tag(),
281		~~self.choice_label~~))
	285	conditional_escape(force_unicode(self.choice_label))))
282	286
283	287	def is_checked(self):
284	288	return self.value == self.choice_value
…	…
361	365	cb = CheckboxInput(final_attrs, check_test=lambda value: value in str_values)
362	366	option_value = force_unicode(option_value)
363	367	rendered_cb = cb.render(name, option_value)
364		output.append(u'<li><label>%s %s</label></li>' % (rendered_cb, escape(force_unicode(option_label))))
	368	output.append(u'<li><label>%s %s</label></li>' % (rendered_cb,
	369	conditional_escape(force_unicode(option_label))))
365	370	output.append(u'</ul>')
366	371	return mark_safe(u'\n'.join(output))
367	372

Download in other formats:

Original Format

Code

Ticket #5730: widget_escaping.diff

tests/regressiontests/forms/widgets.py

django/newforms/widgets.py

Download in other formats: