Ticket #6160: validation-escaping.3.diff
File validation-escaping.3.diff, 9.2 KB (added by , 16 years ago) |
django/contrib/auth/tests/basic.py
=== modified file 'django/contrib/auth/tests/basic.py'
67 67 response = self.client.get('/password_reset/') 68 68 self.assertEquals(response.status_code, 200) 69 69 response = self.client.post('/password_reset/', {'email': 'not_a_real_email@email.com'}) 70 self.assertContains(response, "That e-mail address doesn 't have an associated user account")70 self.assertContains(response, "That e-mail address doesn't have an associated user account") 71 71 self.assertEquals(len(mail.outbox), 0) 72 72 73 73 def test_email_found(self): -
django/contrib/auth/tests/forms.py
=== modified file 'django/contrib/auth/tests/forms.py'
42 42 >>> form.is_valid() 43 43 False 44 44 >>> form["password2"].errors 45 [u "The two password fields didn't match."]45 [u'The two password fields didn't match.'] 46 46 47 47 The success case. 48 48 … … 119 119 >>> form.is_valid() 120 120 False 121 121 >>> form["new_password2"].errors 122 [u "The two password fields didn't match."]122 [u'The two password fields didn't match.'] 123 123 124 124 The success case. 125 125 -
django/forms/forms.py
=== modified file 'django/forms/forms.py'
5 5 from copy import deepcopy 6 6 7 7 from django.utils.datastructures import SortedDict 8 from django.utils.html import escape 8 from django.utils.html import escape, conditional_escape 9 9 from django.utils.encoding import StrAndUnicode, smart_unicode, force_unicode 10 10 from django.utils.safestring import mark_safe 11 11 … … 134 134 output, hidden_fields = [], [] 135 135 for name, field in self.fields.items(): 136 136 bf = BoundField(self, field, name) 137 bf_errors = self.error_class([ escape(error) for error in bf.errors]) # Escape and cache in local variable.137 bf_errors = self.error_class([conditional_escape(error) for error in bf.errors]) # Escape and cache in local variable. 138 138 if bf.is_hidden: 139 139 if bf_errors: 140 140 top_errors.extend([u'(Hidden field %s) %s' % (name, force_unicode(e)) for e in bf_errors]) -
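Review bot: The trailing comment on the `bf_errors` line still reads "Escape and cache in local variable", but with `conditional_escape` any error string already marked safe now passes through unescaped. That avoids double-escaping, but it also makes the safe marking a trust decision: a message built elsewhere with `mark_safe` around user-supplied text would be rendered raw. I would reword the comment to `# Escape unless already marked safe; cache in local variable.` so the next reader knows the safe flag is honoured here. In the hidden-field branch, `u'(Hidden field %s) %s' % (name, force_unicode(e))` builds a new string from the already-escaped error; how `top_errors` is rendered is outside this hunk, so it is worth confirming that it is not escaped a second time. The enclosing method starts and ends outside the hunk.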
django/forms/util.py
=== modified file 'django/forms/util.py'
1 from django.utils.html import escape1 from django.utils.html import conditional_escape 2 2 from django.utils.encoding import smart_unicode, StrAndUnicode, force_unicode 3 from django.utils.functional import Promise4 3 from django.utils.safestring import mark_safe 5 4 6 5 def flatatt(attrs): … … 10 9 XML-style pairs. It is assumed that the keys do not need to be XML-escaped. 11 10 If the passed dictionary is empty, then return an empty string. 12 11 """ 13 return u''.join([u' %s="%s"' % (k, escape(v)) for k, v in attrs.items()])12 return mark_safe(u''.join([u' %s="%s"' % (k, conditional_escape(v)) for k, v in attrs.items()])) 14 13 15 14 class ErrorDict(dict, StrAndUnicode): 16 15 """ … … 56 55 a string) or a list of objects. 57 56 """ 58 57 if isinstance(message, list): 59 self.messages = ErrorList([ smart_unicode(msg) for msg in message])58 self.messages = ErrorList([conditional_escape(smart_unicode(msg)) for msg in message]) 60 59 else: 61 message = smart_unicode(message)60 message = conditional_escape(smart_unicode(message)) 62 61 self.messages = ErrorList([message]) 63 62 64 63 def __str__(self): -
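Review bot: `flatatt` now wraps its whole result in `mark_safe`, but the keys are still interpolated verbatim by `u' %s="%s"' % (k, conditional_escape(v))`, and a value that is already marked safe skips escaping. Once the return value is trusted, a key or a pre-marked value containing a quote or angle bracket would go out as trusted markup, and later autoescaping would not touch it. The docstring only says keys are assumed not to need XML-escaping, so I would add: `The result is marked safe; keys are inserted verbatim and values already marked safe are not escaped again, so neither may come from untrusted input.` If keys can ever come from callers outside the framework, escaping `k` as well would be the safer default.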
tests/regressiontests/forms/localflavor/ch.py
=== modified file 'tests/regressiontests/forms/localflavor/ch.py'
41 41 >>> f.clean('C1234567<1') 42 42 Traceback (most recent call last): 43 43 ... 44 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567 <0 or 1234567890 format.']44 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567<0 or 1234567890 format.'] 45 45 >>> f.clean('2123456700') 46 46 u'2123456700' 47 47 >>> f.clean('2123456701') 48 48 Traceback (most recent call last): 49 49 ... 50 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567 <0 or 1234567890 format.']50 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567<0 or 1234567890 format.'] 51 51 52 52 # CHStateSelect ############################################################# 53 53 -
tests/regressiontests/forms/util.py
=== modified file 'tests/regressiontests/forms/util.py'
7 7 >>> from django.forms.util import * 8 8 >>> from django.utils.translation import ugettext_lazy 9 9 10 # Escaping. 11 >>> from django.utils.html import escape 12 >>> from django.utils.html import conditional_escape 13 >>> script = "$('#example').html('<a href=\"http://www.example.com/\">example</a>');" 14 10 15 ########### 11 16 # flatatt # 12 17 ########### … … 19 24 >>> flatatt({}) 20 25 u'' 21 26 27 # Escaping. 28 29 >>> flatatt({'onclick': script}) 30 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 31 >>> flatatt({'onclick': escape(script)}) 32 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 33 >>> flatatt({'onclick': conditional_escape(script)}) 34 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 35 36 >>> conditional_escape(flatatt({'onclick': script})) 37 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 38 >>> conditional_escape(flatatt({'onclick': escape(script)})) 39 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 40 >>> conditional_escape(flatatt({'onclick': conditional_escape(script)})) 41 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 42 22 43 ################### 23 44 # ValidationError # 24 45 ################### … … 49 70 # Can take a non-string. 50 71 >>> print ValidationError(VeryBadError()).messages 51 72 <ul class="errorlist"><li>A very bad error.</li></ul> 73 74 # Escaping. 
75 76 >>> print ValidationError(script).messages 77 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 78 >>> print ValidationError(escape(script)).messages 79 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 80 >>> print ValidationError(conditional_escape(script)).messages 81 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 82 >>> print ErrorDict({'example': ValidationError(script).messages}) 83 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 84 >>> print ErrorDict({'example': ValidationError(escape(script)).messages}) 85 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 86 >>> print ErrorDict({'example': ValidationError(conditional_escape(script)).messages}) 87 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 88 89 >>> print conditional_escape(unicode(ValidationError(script).messages)) 90 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 91 >>> print conditional_escape(unicode(ValidationError(escape(script)).messages)) 92 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 93 >>> print conditional_escape(unicode(ValidationError(conditional_escape(script)).messages)) 94 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 95 >>> print conditional_escape(unicode(ErrorDict({'example': ValidationError(script).messages}))) 96 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a 
href="http://www.example.com/">example</a>');</li></ul></li></ul> 97 >>> print conditional_escape(unicode(ErrorDict({'example': ValidationError(escape(script)).messages}))) 98 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 99 >>> print conditional_escape(unicode(ErrorDict({'example': ValidationError(conditional_escape(script)).messages}))) 100 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 101 52 102 """
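Review bot: None of the added escaping cases passes a value that is already marked safe. That is the only input `conditional_escape` treats differently from `escape`, so the pass-through path now relied on in `flatatt` and `ValidationError` has no test. I would import `mark_safe` from `django.utils.safestring` in the preamble and add `>>> flatatt({'onclick': mark_safe(script)})` and `>>> print ValidationError(mark_safe(script)).messages`, with the unescaped expected output pinned. A `flatatt` case whose key contains a quote would also document the assumption stated in its docstring. As displayed here, the expected outputs for `script`, `escape(script)` and `conditional_escape(script)` look identical and unescaped; this is probably a rendering artifact of the page, but the entity-escaped forms should be checked against the actual patch.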