Ticket #11778: 11778.diff

File 11778.diff, 6.5 KB (added by intelliyole, 4 years ago)

Patch against r16344 with updated expected test results

  • tests/regressiontests/admin_views/tests.py

     
    134134        response = self.client.post('/test_admin/%s/admin_views/article/add/' % self.urlbit, post_data)
    135135        self.failUnlessEqual(response.status_code, 200)
    136136        self.assertContains(response, 'dismissAddAnotherPopup')
    137         self.assertContains(response, 'title with a new\u000Aline')
     137        self.assertContains(response, 'title with a new\\x0Aline')
    138138
    139139    # Post data for edit inline
    140140    inline_post_data = {
  • tests/regressiontests/defaultfilters/tests.py

     
    7474
    7575    def test_escapejs(self):
    7676        self.assertEqual(escapejs(u'"double quotes" and \'single quotes\''),
    77             u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027')
     77            u'\\x22double quotes\\x22 and \\x27single quotes\\x27')
    7878        self.assertEqual(escapejs(ur'\ : backslashes, too'),
    79             u'\\u005C : backslashes, too')
     79            u'\\x5C : backslashes, too')
    8080        self.assertEqual(escapejs(u'and lots of whitespace: \r\n\t\v\f\b'),
    81             u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008')
     81            u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08')
    8282        self.assertEqual(escapejs(ur'<script>and this</script>'),
    83             u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E')
     83            u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E')
    8484        self.assertEqual(
    8585            escapejs(u'paragraph separator:\u2029and line separator:\u2028'),
    8686            u'paragraph separator:\\u2029and line separator:\\u2028')
  • tests/regressiontests/templates/filters.py

     
    299299        'autoescape-stringfilter03': (r'{{ safe|capfirst }}', {'safe': SafeClass()}, 'You &gt; me'),
    300300        'autoescape-stringfilter04': (r'{% autoescape off %}{{ safe|capfirst }}{% endautoescape %}', {'safe': SafeClass()}, 'You &gt; me'),
    301301
    302         'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),
    303         'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\u000D\\u000Ajavascript \\u0027string\\u0022 \\u003Cb\\u003Eescaping\\u003C/b\\u003E'),
     302        'escapejs01': (r'{{ a|escapejs }}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
     303        'escapejs02': (r'{% autoescape off %}{{ a|escapejs }}{% endautoescape %}', {'a': 'testing\r\njavascript \'string" <b>escaping</b>'}, 'testing\\x0D\\x0Ajavascript \\x27string\\x22 \\x3Cb\\x3Eescaping\\x3C/b\\x3E'),
    304304
    305305
    306306        # length filter.
  • tests/regressiontests/utils/html.py

     
    113113    def test_escapejs(self):
    114114        f = html.escapejs
    115115        items = (
    116             (u'"double quotes" and \'single quotes\'', u'\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027'),
    117             (ur'\ : backslashes, too', u'\\u005C : backslashes, too'),
    118             (u'and lots of whitespace: \r\n\t\v\f\b', u'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008'),
    119             (ur'<script>and this</script>', u'\\u003Cscript\\u003Eand this\\u003C/script\\u003E'),
     116            (u'"double quotes" and \'single quotes\'', u'\\x22double quotes\\x22 and \\x27single quotes\\x27'),
     117            (ur'\ : backslashes, too', u'\\x5C : backslashes, too'),
     118            (u'and lots of whitespace: \r\n\t\v\f\b', u'and lots of whitespace: \\x0D\\x0A\\x09\\x0B\\x0C\\x08'),
     119            (ur'<script>and this</script>', u'\\x3Cscript\\x3Eand this\\x3C/script\\x3E'),
    120120            (u'paragraph separator:\u2029and line separator:\u2028', u'paragraph separator:\\u2029and line separator:\\u2028'),
    121121        )
    122122        for value, output in items:
  • django/utils/html.py

     
    3434    return mark_safe(force_unicode(html).replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;'))
    3535escape = allow_lazy(escape, unicode)
    3636
    37 _base_js_escapes = (
    38     ('\\', r'\u005C'),
    39     ('\'', r'\u0027'),
    40     ('"', r'\u0022'),
    41     ('>', r'\u003E'),
    42     ('<', r'\u003C'),
    43     ('&', r'\u0026'),
    44     ('=', r'\u003D'),
    45     ('-', r'\u002D'),
    46     (';', r'\u003B'),
    47     (u'\u2028', r'\u2028'),
    48     (u'\u2029', r'\u2029')
    49 )
     37_js_escapes_dict = {
     38    '\\': r'\x5C',
     39    '\'': r'\x27',
     40    '"': r'\x22',
     41    '>': r'\x3E',
     42    '<': r'\x3C',
     43    '&': r'\x26',
     44    '=': r'\x3D',
     45    '-': r'\x2D',
     46    ';': r'\x3B',
     47    u'\u2028': r'\u2028',
     48    u'\u2029': r'\u2029',
     49}
    5050
    51 # Escape every ASCII character with a value less than 32.
    52 _js_escapes = (_base_js_escapes +
    53                tuple([('%c' % z, '\\u%04X' % z) for z in range(32)]))
     51# also escape every ASCII character with a value less than 32.
     52for z in range(32):
     53    _js_escapes_dict[chr(z)] = '\\x%02X' % z
    5454
     55# construct a Regex object matching the keys in _js_escapes_dict
     56_js_escapes_re = u''.join(sorted(_js_escapes_dict.keys()))
     57_js_escapes_re = re.sub(r'[\\\\\-\]]', r'\\\g<0>', _js_escapes_re) # escape \-]
     58_js_escapes_re = '[' + _js_escapes_re + ']'
     59_js_escapes_re = re.compile(_js_escapes_re)
     60
    5561def escapejs(value):
    5662    """Hex encodes characters for use in JavaScript strings."""
    57     for bad, good in _js_escapes:
    58         value = mark_safe(force_unicode(value).replace(bad, good))
    59     return value
     63    return mark_safe(_js_escapes_re.sub(lambda m: _js_escapes_dict[m.group(0)],
     64                                        force_unicode(value)))
    6065escapejs = allow_lazy(escapejs, unicode)
    6166
    6267def conditional_escape(html):
Back to Top