Ticket #9111: safestring-tests-r9066.diff
File safestring-tests-r9066.diff, 2.3 KB (added by , 16 years ago) |
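--- a/tests/regressiontests/forms/forms.py
+++ b/tests/regressiontests/forms/forms.py
@@ -595,15 +595,23 @@
 Validation errors are HTML-escaped when output as HTML.
 >>> class EscapingForm(Form):
 ... special_name = CharField()
+... special_safe_name = CharField()
 ... def clean_special_name(self):
 ... raise ValidationError("Something's wrong with '%s'" % self.cleaned_data['special_name'])
+... def clean_special_safe_name(self):
+... from django.utils.safestring import mark_safe
+... raise ValidationError(mark_safe("'<b>%s</b>' is a safe string" % self.cleaned_data['special_safe_name']))
 
->>> f = EscapingForm({'special_name': "Nothing to escape" }, auto_id=False)
+>>> f = EscapingForm({'special_name': "Nothing to escape", 'special_safe_name': "Nothing to escape"}, auto_id=False)
 >>> print f
 <tr><th>Special name:</th><td><ul class="errorlist"><li>Something's wrong with 'Nothing to escape'</li></ul><input type="text" name="special_name" value="Nothing to escape" /></td></tr>
->>> f = EscapingForm({'special_name': "Should escape < & > and <script>alert('xss')</script>"}, auto_id=False)
+<tr><th>Special safe name:</th><td><ul class="errorlist"><li>'<b>Nothing to escape</b>' is a safe string</li></ul><input type="text" name="special_safe_name" value="Nothing to escape" /></td></tr>
+>>> f = EscapingForm(
+... {'special_name': "Should escape < & > and <script>alert('xss')</script>",
+... 'special_safe_name': "<i>Do not escape</i>"}, auto_id=False)
 >>> print f
 <tr><th>Special name:</th><td><ul class="errorlist"><li>Something's wrong with 'Should escape < & > and <script>alert('xss')</script>'</li></ul><input type="text" name="special_name" value="Should escape < & > and <script>alert('xss')</script>" /></td></tr>
+<tr><th>Special safe name:</th><td><ul class="errorlist"><li>'<b><i>Do not escape</i></b>' is a safe string</li></ul><input type="text" name="special_safe_name" value="<i>Do not escape</i>" /></td></tr>
 
 """ + \
 r""" # [This concatenation is to keep the string below the jython's 32K limit].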
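Review bot: The new `clean_special_safe_name` interpolates the submitted field value into the message before calling `mark_safe`, so the second expected-output row pins raw user markup (`<i>Do not escape</i>`) reaching the error list unescaped. The literal `<b>` tags already show that a safe message is not re-escaped, so the test could escape the value first, e.g. `mark_safe("'<b>%s</b>' is a safe string" % escape(self.cleaned_data['special_safe_name']))` with `escape` imported from `django.utils.html`, and update the expected row to match. If the raw pass-through is kept on purpose, a prose line in the doctest such as `mark_safe disables escaping for the whole message; the caller must escape any user data it interpolates.` would keep readers from copying the pattern into real clean methods. The docstring this hunk belongs to starts and ends outside the hunk.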