
Ticket #17596: 17594-2.diff

File 17594-2.diff, 3.3 KB (added by claudep, 2 years ago)

Use conditional_escape for AdminField label

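--- a/django/contrib/admin/helpers.py
+++ b/django/contrib/admin/helpers.py
@@ -115,17 +115,17 @@ class AdminField(object):
 
     def label_tag(self):
         classes = []
+        contents = conditional_escape(force_unicode(self.field.label))
         if self.is_checkbox:
             classes.append(u'vCheckboxLabel')
-            contents = force_unicode(escape(self.field.label))
         else:
-            contents = force_unicode(escape(self.field.label)) + u':'
+            contents += u':'
         if self.field.field.required:
             classes.append(u'required')
         if not self.is_first:
             classes.append(u'inline')
         attrs = classes and {'class': u' '.join(classes)} or {}
-        return self.field.label_tag(contents=contents, attrs=attrs)
+        return self.field.label_tag(contents=mark_safe(contents), attrs=attrs)
 
     def errors(self):
         return mark_safe(self.field.errors.as_ul())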
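Review bot: The `mark_safe(contents)` on the return line of label_tag is only sound because `contents` is built from `conditional_escape(...)` plus the constant `u':'`, and nothing on the new side records that invariant. I would add a comment above the return, for example `# contents is escaped or author-marked safe; only constant text was appended`, so that a later edit concatenating an unescaped value into `contents` is caught in review instead of becoming an HTML injection sink. With this change a label wrapped in `mark_safe` reaches the admin page verbatim, so labels assembled from user-editable data need escaping before they are marked safe. The hunk adds no import line, so it is worth confirming that helpers.py already imports `conditional_escape`. label_tag is complete in the hunk; the AdminField class starts outside it.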
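--- a/tests/regressiontests/admin_util/tests.py
+++ b/tests/regressiontests/admin_util/tests.py
@@ -4,14 +4,17 @@ from datetime import datetime
 
 from django.conf import settings
 from django.contrib import admin
+from django.contrib.admin import helpers
 from django.contrib.admin.util import (display_for_field, label_for_field,
     lookup_field, NestedObjects)
 from django.contrib.admin.views.main import EMPTY_CHANGELIST_VALUE
 from django.contrib.sites.models import Site
 from django.db import models, DEFAULT_DB_ALIAS
+from django import forms
 from django.test import TestCase
 from django.utils import unittest
 from django.utils.formats import localize
+from django.utils.safestring import mark_safe
 
 from .models import Article, Count, Event, Location
 
@@ -258,3 +261,26 @@ class UtilTests(unittest.TestCase):
         self.assertTrue(
             unicode(log_entry).startswith('Deleted ')
         )
+
+    def test_safestring_in_field_label(self):
+        # safestring should not be escaped
+        class MyForm(forms.Form):
+            text = forms.CharField(label=mark_safe('<i>text</i>'))
+            cb   = forms.BooleanField(label=mark_safe('<i>cb</i>'))
+
+        form = MyForm()
+        self.assertEqual(helpers.AdminField(form, 'text', is_first=False).label_tag(),
+                         '<label for="id_text" class="required inline"><i>text</i>:</label>')
+        self.assertEqual(helpers.AdminField(form, 'cb', is_first=False).label_tag(),
+                         '<label for="id_cb" class="vCheckboxLabel required inline"><i>cb</i></label>')
+
+        # normal strings needs to be escaped
+        class MyForm(forms.Form):
+            text = forms.CharField(label='&text')
+            cb   = forms.BooleanField(label='&cb')
+
+        form = MyForm()
+        self.assertEqual(helpers.AdminField(form, 'text', is_first=False).label_tag(),
+                         '<label for="id_text" class="required inline">&amp;text:</label>')
+        self.assertEqual(helpers.AdminField(form, 'cb', is_first=False).label_tag(),
+                         '<label for="id_cb" class="vCheckboxLabel required inline">&amp;cb</label>')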
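Review bot: The escaping half of test_safestring_in_field_label uses only `&` as its special character, so it never shows that markup in a plain label is neutralised, which is the property the `mark_safe` wrapping in label_tag now depends on. I would add a case with a plain label of `'<i>text</i>'` and expect `&lt;i&gt;text&lt;/i&gt;:` inside the label element, mirroring the safe-string case above it. A lazily translated label is not covered either; it presumably comes out of `force_unicode` as an unmarked string and should be escaped, which is worth pinning with an assertion. The test method is complete in the hunk, while the UtilTests class starts outside it.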