Ticket #6160: validation-escaping.4.diff
File validation-escaping.4.diff, 9.7 KB (added by , 16 years ago) |
---|
-
django/contrib/auth/tests/forms.py
=== modified file 'django/contrib/auth/tests/forms.py'
42 42 >>> form.is_valid() 43 43 False 44 44 >>> form["password2"].errors 45 [u "The two password fields didn't match."]45 [u'The two password fields didn't match.'] 46 46 47 47 The success case. 48 48 … … 107 107 >>> form.is_valid() 108 108 False 109 109 >>> form["new_password2"].errors 110 [u "The two password fields didn't match."]110 [u'The two password fields didn't match.'] 111 111 112 112 The success case. 113 113 … … 145 145 >>> form.is_valid() 146 146 False 147 147 >>> form["new_password2"].errors 148 [u "The two password fields didn't match."]148 [u'The two password fields didn't match.'] 149 149 150 150 The success case. 151 151 -
django/contrib/auth/tests/views.py
=== modified file 'django/contrib/auth/tests/views.py'
13 13 response = self.client.get('/password_reset/') 14 14 self.assertEquals(response.status_code, 200) 15 15 response = self.client.post('/password_reset/', {'email': 'not_a_real_email@email.com'}) 16 self.assertContains(response, "That e-mail address doesn 't have an associated user account")16 self.assertContains(response, "That e-mail address doesn't have an associated user account") 17 17 self.assertEquals(len(mail.outbox), 0) 18 18 19 19 def test_email_found(self): … … 84 84 response = self.client.post(path, {'new_password1': 'anewpassword', 85 85 'new_password2':' x'}) 86 86 self.assertEquals(response.status_code, 200) 87 self.assert_("The two password fields didn 't match" in response.content)87 self.assert_("The two password fields didn't match" in response.content) 88 88 -
django/forms/forms.py
=== modified file 'django/forms/forms.py'
5 5 from copy import deepcopy 6 6 7 7 from django.utils.datastructures import SortedDict 8 from django.utils.html import escape 8 from django.utils.html import escape, conditional_escape 9 9 from django.utils.encoding import StrAndUnicode, smart_unicode, force_unicode 10 10 from django.utils.safestring import mark_safe 11 11 … … 134 134 output, hidden_fields = [], [] 135 135 for name, field in self.fields.items(): 136 136 bf = BoundField(self, field, name) 137 bf_errors = self.error_class([ escape(error) for error in bf.errors]) # Escape and cache in local variable.137 bf_errors = self.error_class([conditional_escape(error) for error in bf.errors]) # Escape and cache in local variable. 138 138 if bf.is_hidden: 139 139 if bf_errors: 140 140 top_errors.extend([u'(Hidden field %s) %s' % (name, force_unicode(e)) for e in bf_errors]) -
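Review bot: The hidden-field branch at line 140 builds each top-level error with `u'(Hidden field %s) %s' % (name, force_unicode(e))`, which produces a plain unicode string. The safe marker that `conditional_escape` put on `e` at line 137 is dropped, and `name` is interpolated without any escaping. Whether `top_errors` is escaped again when rendered is decided outside this hunk (the enclosing method starts and ends outside it), so hidden-field errors are either double-escaped or the row depends on field names never containing markup. I would make the intent explicit with `top_errors.extend([mark_safe(u'(Hidden field %s) %s' % (escape(name), force_unicode(e))) for e in bf_errors])`; `escape` and `mark_safe` are already imported at lines 8 and 10.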
django/forms/util.py
=== modified file 'django/forms/util.py'
1 from django.utils.html import escape1 from django.utils.html import conditional_escape 2 2 from django.utils.encoding import smart_unicode, StrAndUnicode, force_unicode 3 3 from django.utils.safestring import mark_safe 4 4 … … 9 9 XML-style pairs. It is assumed that the keys do not need to be XML-escaped. 10 10 If the passed dictionary is empty, then return an empty string. 11 11 """ 12 return u''.join([u' %s="%s"' % (k, escape(v)) for k, v in attrs.items()])12 return mark_safe(u''.join([u' %s="%s"' % (k, conditional_escape(v)) for k, v in attrs.items()])) 13 13 14 14 class ErrorDict(dict, StrAndUnicode): 15 15 """ … … 55 55 a string) or a list of objects. 56 56 """ 57 57 if isinstance(message, list): 58 self.messages = ErrorList([ smart_unicode(msg) for msg in message])58 self.messages = ErrorList([conditional_escape(smart_unicode(msg)) for msg in message]) 59 59 else: 60 message = smart_unicode(message)60 message = conditional_escape(smart_unicode(message)) 61 61 self.messages = ErrorList([message]) 62 62 63 63 def __str__(self): -
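Review bot: `ValidationError.__init__` (lines 58-60) now stores `conditional_escape(smart_unicode(...))`, so the exception carries HTML-encoded text instead of the message itself. Every consumer of `.messages` that is not an HTML template (logs, plain-text mail, a serialized API response, string comparisons in tests) then receives entities; the expectation changes in django/contrib/auth/tests/ and localflavor/ch.py on this page look like that side effect. It also makes correctness depend on the safe marker surviving every later copy or `%` formatting, since anything that drops it gets escaped a second time. Escaping once where `ErrorList`/`ErrorDict` build their HTML (not shown in this hunk) would keep the stored message raw. If escaping stays in the constructor, the docstring should say so, e.g. `Messages are HTML-escaped when stored; do not escape them again on output.`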
tests/regressiontests/forms/localflavor/ch.py
=== modified file 'tests/regressiontests/forms/localflavor/ch.py'
41 41 >>> f.clean('C1234567<1') 42 42 Traceback (most recent call last): 43 43 ... 44 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567 <0 or 1234567890 format.']44 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567<0 or 1234567890 format.'] 45 45 >>> f.clean('2123456700') 46 46 u'2123456700' 47 47 >>> f.clean('2123456701') 48 48 Traceback (most recent call last): 49 49 ... 50 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567 <0 or 1234567890 format.']50 ValidationError: [u'Enter a valid Swiss identity or passport card number in X1234567<0 or 1234567890 format.'] 51 51 52 52 # CHStateSelect ############################################################# 53 53 -
tests/regressiontests/forms/util.py
=== modified file 'tests/regressiontests/forms/util.py'
7 7 >>> from django.forms.util import * 8 8 >>> from django.utils.translation import ugettext_lazy 9 9 10 # Escaping. 11 >>> from django.utils.html import escape 12 >>> from django.utils.html import conditional_escape 13 >>> script = "$('#example').html('<a href=\"http://www.example.com/\">example</a>');" 14 10 15 ########### 11 16 # flatatt # 12 17 ########### … … 19 24 >>> flatatt({}) 20 25 u'' 21 26 27 # Escaping. 28 29 >>> flatatt({'onclick': script}) 30 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 31 >>> flatatt({'onclick': escape(script)}) 32 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 33 >>> flatatt({'onclick': conditional_escape(script)}) 34 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 35 36 >>> conditional_escape(flatatt({'onclick': script})) 37 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 38 >>> conditional_escape(flatatt({'onclick': escape(script)})) 39 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 40 >>> conditional_escape(flatatt({'onclick': conditional_escape(script)})) 41 u' onclick="$('#example').html('<a href="http://www.example.com/">example</a>');"' 42 22 43 ################### 23 44 # ValidationError # 24 45 ################### … … 49 70 # Can take a non-string. 50 71 >>> print ValidationError(VeryBadError()).messages 51 72 <ul class="errorlist"><li>A very bad error.</li></ul> 73 74 # Escaping. 
75 76 >>> print ValidationError(script).messages 77 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 78 >>> print ValidationError(escape(script)).messages 79 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 80 >>> print ValidationError(conditional_escape(script)).messages 81 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 82 >>> print ErrorDict({'example': ValidationError(script).messages}) 83 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 84 >>> print ErrorDict({'example': ValidationError(escape(script)).messages}) 85 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 86 >>> print ErrorDict({'example': ValidationError(conditional_escape(script)).messages}) 87 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 88 89 >>> print conditional_escape(unicode(ValidationError(script).messages)) 90 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 91 >>> print conditional_escape(unicode(ValidationError(escape(script)).messages)) 92 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 93 >>> print conditional_escape(unicode(ValidationError(conditional_escape(script)).messages)) 94 <ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul> 95 >>> print conditional_escape(unicode(ErrorDict({'example': ValidationError(script).messages}))) 96 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a 
href="http://www.example.com/">example</a>');</li></ul></li></ul> 97 >>> print conditional_escape(unicode(ErrorDict({'example': ValidationError(escape(script)).messages}))) 98 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 99 >>> print conditional_escape(unicode(ErrorDict({'example': ValidationError(conditional_escape(script)).messages}))) 100 <ul class="errorlist"><li>example<ul class="errorlist"><li>$('#example').html('<a href="http://www.example.com/">example</a>');</li></ul></li></ul> 101 52 102 """
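Review bot: The flatatt cases added at new lines 29-41 all reuse the one `script` value in its raw, `escape()`d and `conditional_escape()`d forms, so they do not pin the trust boundary that the flatatt change in django/forms/util.py introduces. flatatt now returns `mark_safe(...)` and runs values through `conditional_escape`, so a value already marked safe is presumably emitted verbatim inside the double-quoted attribute, and keys are never escaped according to the docstring. I would add one doctest for a safe-marked value containing a double quote, e.g. `>>> flatatt({'title': mark_safe(u'a"b')})`, and one for a key containing markup, each with the output the project decides is correct. The expected outputs on this page appear entity-decoded, so what the existing cases actually assert cannot be confirmed from here.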