Ticket #15182: clearablefieldwidget-encode-to-html.patch

File clearablefieldwidget-encode-to-html.patch, 2.3 KB (added by e.generalov, 5 years ago)
  • tests/regressiontests/forms/tests/widgets.py

     
    10861086        self.assertEqual(widget.render('myfile', FakeFieldFile()),
    10871087                         u'Currently: <a target="_blank" href="something">something</a> <input type="checkbox" name="myfile-clear" id="myfile-clear_id" /> <label for="myfile-clear_id">Clear</label><br />Change: <input type="file" name="myfile" />')
    10881088
     1089    def test_encode_field_to_html(self):
     1090        """
     1091        A ClearableFileInput should encode values when render HTML.
     1092        """
     1093
     1094        class StrangeFieldFile(object):
     1095            url = "something?chapter=1&sect=2&copy=3&lang=en"
     1096
     1097            def __unicode__(self):
     1098                return u'''something<div onclick="alert('oops')">.jpg'''
     1099
     1100        widget = ClearableFileInput()
     1101        widget.is_required = False
     1102        field = StrangeFieldFile()
     1103        output = widget.render('myfile', field)
     1104        self.assertFalse(field.url in output)
     1105        self.assertTrue(u'href="something?chapter=1&amp;sect=2&amp;copy=3&amp;lang=en"' in output)
     1106        self.assertFalse(unicode(field) in output)
     1107        self.assertTrue(u'something&lt;div onclick=&quot;alert(&#39;oops&#39;)&quot;&gt;.jpg' in output)
     1108
    10891109    def test_clear_input_renders_only_if_not_required(self):
    10901110        """
    10911111        A ClearableFileInput with is_required=False does not render a clear
  • django/forms/widgets.py

     
    330330        if value and hasattr(value, "url"):
    331331            template = self.template_with_initial
    332332            substitutions['initial'] = (u'<a target="_blank" href="%s">%s</a>'
    333                                         % (value.url, value))
     333                                        % (escape(value.url),
     334                                           escape(force_unicode(value))))
    334335            if not self.is_required:
    335336                checkbox_name = self.clear_checkbox_name(name)
    336337                checkbox_id = self.clear_checkbox_id(checkbox_name)
Back to Top