Ticket #6160: validation-escaping.5.diff

File validation-escaping.5.diff, 4.9 KB (added by Petr Marhoun <petr.marhoun@…>, 16 years ago)
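--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -16,7 +16,7 @@
         response = self.client.get('/password_reset/')
         self.assertEquals(response.status_code, 200)
         response = self.client.post('/password_reset/', {'email': 'not_a_real_email@email.com'})
-        self.assertContains(response, "That e-mail address doesn't have an associated user account")
+        self.assertContains(response, "That e-mail address doesn&#39;t have an associated user account")
         self.assertEquals(len(mail.outbox), 0)
 
     def test_email_found(self):
@@ -87,7 +87,7 @@
         response = self.client.post(path, {'new_password1': 'anewpassword',
                                            'new_password2':' x'})
         self.assertEquals(response.status_code, 200)
-        self.assert_("The two password fields didn't match" in response.content)
+        self.assert_("The two password fields didn&#39;t match" in response.content)
 
 
 class ChangePasswordTest(TestCase):
@@ -147,7 +147,7 @@
             }
         )
         self.assertEquals(response.status_code, 200)
-        self.assert_("The two password fields didn't match." in response.content)
+        self.assert_("The two password fields didn&#39;t match." in response.content)
 
     def test_password_change_succeeds(self):
         self.login()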
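Review bot: The password-mismatch checks on new lines 90 and 150 use `self.assert_("…" in response.content)`, which on failure reports only that the expression was false, while new line 19 already uses `assertContains`. Writing them as `self.assertContains(response, "The two password fields didn&#39;t match")` would be consistent and give a usable failure message. All three expectations hard-code `&#39;`, so they pin the exact entity the escaping emits for an apostrophe; a short comment such as `# error text is HTML-escaped in the rendered page` would explain why the literal differs from the message text. The enclosing test methods start outside the hunks.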
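--- a/django/forms/forms.py
+++ b/django/forms/forms.py
@@ -5,7 +5,7 @@
 from copy import deepcopy
 
 from django.utils.datastructures import SortedDict
-from django.utils.html import escape
+from django.utils.html import escape, conditional_escape
 from django.utils.encoding import StrAndUnicode, smart_unicode, force_unicode
 from django.utils.safestring import mark_safe
 
@@ -134,7 +134,7 @@
         output, hidden_fields = [], []
         for name, field in self.fields.items():
             bf = BoundField(self, field, name)
-            bf_errors = self.error_class([escape(error) for error in bf.errors]) # Escape and cache in local variable.
+            bf_errors = self.error_class([conditional_escape(error) for error in bf.errors]) # Escape and cache in local variable.
             if bf.is_hidden:
                 if bf_errors:
                     top_errors.extend([u'(Hidden field %s) %s' % (name, force_unicode(e)) for e in bf_errors])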
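Review bot: Line 140 interpolates the already-escaped entries of `bf_errors` with `%` into a plain unicode string, which presumably drops their safe marking. If `top_errors` is later rendered through `ErrorList.as_ul` (its definition is outside this hunk), the `conditional_escape` call this patch adds there would escape the hidden-field messages a second time, giving `&amp;#39;` instead of `&#39;`. The trailing comment on new line 137 is also out of date, since escaping is now skipped for messages marked safe: `# Escape unless marked safe; cache in local variable.` From here on, a `ValidationError` message wrapped in `mark_safe` is emitted verbatim, so such messages must not carry unescaped user input. The enclosing method starts and ends outside the hunk.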
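--- a/django/forms/util.py
+++ b/django/forms/util.py
@@ -39,7 +39,7 @@
     def as_ul(self):
         if not self: return u''
         return mark_safe(u'<ul class="errorlist">%s</ul>'
-                % ''.join([u'<li>%s</li>' % force_unicode(e) for e in self]))
+                % ''.join([u'<li>%s</li>' % conditional_escape(force_unicode(e)) for e in self]))
 
     def as_text(self):
         if not self: return u''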
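Review bot: `conditional_escape` is called on new line 42, but this file section has no hunk that imports it into django/forms/util.py. Unless the name is already imported at the top of the file (outside the lines shown), `as_ul` would raise a NameError on the first non-empty error list; if it is missing, add `from django.utils.html import conditional_escape` alongside the existing imports. `as_ul` would also benefit from a one-line docstring stating that each message is HTML-escaped unless it has been marked safe, because the whole list is wrapped in `mark_safe` and a caller who marks a message safe now owns its escaping.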
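--- a/tests/regressiontests/forms/util.py
+++ b/tests/regressiontests/forms/util.py
@@ -49,4 +49,27 @@
 # Can take a non-string.
 >>> print ValidationError(VeryBadError()).messages
 <ul class="errorlist"><li>A very bad error.</li></ul>
+
+# Can escape and conditional escape.
+
+>>> from django.utils.html import escape, conditional_escape
+>>> example = 'Example of link: <a href="http://www.example.com/">example</a>'
+
+>>> print ValidationError(example).messages
+<ul class="errorlist"><li>Example of link: &lt;a href=&quot;http://www.example.com/&quot;&gt;example&lt;/a&gt;</li></ul>
+>>> print ValidationError(escape(example)).messages
+<ul class="errorlist"><li>Example of link: &lt;a href=&quot;http://www.example.com/&quot;&gt;example&lt;/a&gt;</li></ul>
+>>> print ValidationError(conditional_escape(example)).messages
+<ul class="errorlist"><li>Example of link: &lt;a href=&quot;http://www.example.com/&quot;&gt;example&lt;/a&gt;</li></ul>
+>>> print ValidationError(mark_safe(example)).messages
+<ul class="errorlist"><li>Example of link: <a href="http://www.example.com/">example</a></li></ul>
+
+>>> print conditional_escape(unicode(ValidationError(example).messages))
+<ul class="errorlist"><li>Example of link: &lt;a href=&quot;http://www.example.com/&quot;&gt;example&lt;/a&gt;</li></ul>
+>>> print conditional_escape(unicode(ValidationError(escape(example)).messages))
+<ul class="errorlist"><li>Example of link: &lt;a href=&quot;http://www.example.com/&quot;&gt;example&lt;/a&gt;</li></ul>
+>>> print conditional_escape(unicode(ValidationError(conditional_escape(example)).messages))
+<ul class="errorlist"><li>Example of link: &lt;a href=&quot;http://www.example.com/&quot;&gt;example&lt;/a&gt;</li></ul>
+>>> print conditional_escape(unicode(ValidationError(mark_safe(example)).messages))
+<ul class="errorlist"><li>Example of link: <a href="http://www.example.com/">example</a></li></ul>
 """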
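Review bot: The added doctests only exercise `ValidationError(...).messages`, so the changed form-rendering path in django/forms/forms.py has no regression test in the lines shown, in particular the hidden-field branch that re-formats each error into a new string. A case that renders a form with a hidden field whose error contains `<` or `'`, and asserts the message appears escaped exactly once, would pin that behaviour. The heading comment could also state the contract being tested, e.g. `# Messages are escaped once unless marked safe; mark_safe output is emitted verbatim.`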