Ticket #17596: 17594-2.diff

File 17594-2.diff, 3.3 KB (added by claudep, 3 years ago)

Use conditional_escape for AdminField label

  • django/contrib/admin/helpers.py

    diff --git a/django/contrib/admin/helpers.py b/django/contrib/admin/helpers.py
    index 04a3492..b7c65e1 100644
    a b class AdminField(object): 
    115115
    116116    def label_tag(self):
    117117        classes = []
     118        contents = conditional_escape(force_unicode(self.field.label))
    118119        if self.is_checkbox:
    119120            classes.append(u'vCheckboxLabel')
    120             contents = force_unicode(escape(self.field.label))
    121121        else:
    122             contents = force_unicode(escape(self.field.label)) + u':'
     122            contents += u':'
    123123        if self.field.field.required:
    124124            classes.append(u'required')
    125125        if not self.is_first:
    126126            classes.append(u'inline')
    127127        attrs = classes and {'class': u' '.join(classes)} or {}
    128         return self.field.label_tag(contents=contents, attrs=attrs)
     128        return self.field.label_tag(contents=mark_safe(contents), attrs=attrs)
    129129
    130130    def errors(self):
    131131        return mark_safe(self.field.errors.as_ul())
  • tests/regressiontests/admin_util/tests.py

    diff --git a/tests/regressiontests/admin_util/tests.py b/tests/regressiontests/admin_util/tests.py
    index eb11015..8113f2e 100644
    a b from datetime import datetime 
    44
    55from django.conf import settings
    66from django.contrib import admin
     7from django.contrib.admin import helpers
    78from django.contrib.admin.util import (display_for_field, label_for_field,
    89    lookup_field, NestedObjects)
    910from django.contrib.admin.views.main import EMPTY_CHANGELIST_VALUE
    1011from django.contrib.sites.models import Site
    1112from django.db import models, DEFAULT_DB_ALIAS
     13from django import forms
    1214from django.test import TestCase
    1315from django.utils import unittest
    1416from django.utils.formats import localize
     17from django.utils.safestring import mark_safe
    1518
    1619from .models import Article, Count, Event, Location
    1720
    class UtilTests(unittest.TestCase): 
    258261        self.assertTrue(
    259262            unicode(log_entry).startswith('Deleted ')
    260263        )
     264
     265    def test_safestring_in_field_label(self):
     266        # safestring should not be escaped
     267        class MyForm(forms.Form):
     268            text = forms.CharField(label=mark_safe('<i>text</i>'))
     269            cb   = forms.BooleanField(label=mark_safe('<i>cb</i>'))
     270
     271        form = MyForm()
     272        self.assertEqual(helpers.AdminField(form, 'text', is_first=False).label_tag(),
     273                         '<label for="id_text" class="required inline"><i>text</i>:</label>')
     274        self.assertEqual(helpers.AdminField(form, 'cb', is_first=False).label_tag(),
     275                         '<label for="id_cb" class="vCheckboxLabel required inline"><i>cb</i></label>')
     276
     277        # normal strings needs to be escaped
     278        class MyForm(forms.Form):
     279            text = forms.CharField(label='&text')
     280            cb   = forms.BooleanField(label='&cb')
     281
     282        form = MyForm()
     283        self.assertEqual(helpers.AdminField(form, 'text', is_first=False).label_tag(),
     284                         '<label for="id_text" class="required inline">&amp;text:</label>')
     285        self.assertEqual(helpers.AdminField(form, 'cb', is_first=False).label_tag(),
     286                         '<label for="id_cb" class="vCheckboxLabel required inline">&amp;cb</label>')
Back to Top