Opened 10 years ago

Closed 10 years ago

#21399 closed Uncategorized (worksforme)

Equal sign in message breaks contrib.messages when CookieStorage is used.

Reported by: anton@… Owned by: nobody
Component: contrib.messages Version: 1.4
Severity: Normal Keywords: messages cookiestorage cookie
Cc: anton@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Hello!

If you have a equal sign (=) in your message and you use the CookieStorage and you do a Redirect after the have added the message, than: the message is never displayed

I think because the equal sign is not escaped and breaks the cookie. This happens in Django 1.4.5

Change History (1)

comment:1 by Baptiste Mispelon, 10 years ago

Resolution: worksforme
Status: newclosed

Hi,

I can't reproduce the issue you're describing (I tried on master and on 1.4.5 and with both the CookieStorage and the default one).
Here's the code I used:

views.py

from django.contrib import messages
from django.http import HttpResponseRedirect
from django.shortcuts import render

def show_messages(request):
    if request.method == 'POST':
        messages.success(request, 'This message contains an = sign')
        return HttpResponseRedirect(request.get_full_path())
    return render(request, 'show_messages.html')

show_messages.html

<h1>Messages</h1>
<ul>
{% for message in messages %}
    <li>{{ message }}</li>
{% endfor %}
</ul>
<form method="post">
    <input type="submit" value="Add message">
    {% csrf_token %}
</form>

Plug this in your urlconf somewhere and go to the page.
When you click the "add message" button, you can see that a message is added even though in contains an equal sign.

I'll close this ticket as worksforme. Please reopen it if you have more information on how to reproduce this issue.

Thanks

Note: See TracTickets for help on using tickets.
Back to Top