Opened 2 years ago

Closed 2 years ago

#21399 closed Uncategorized (worksforme)

Equal sign in message breaks contrib.messages when CookieStorage is used.

Reported by: anton@… Owned by: nobody
Component: contrib.messages Version: 1.4
Severity: Normal Keywords: messages cookiestorage cookie
Cc: anton@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no



If you have a equal sign (=) in your message and you use the CookieStorage and you do a Redirect after the have added the message, than: the message is never displayed

I think because the equal sign is not escaped and breaks the cookie. This happens in Django 1.4.5

Change History (1)

comment:1 Changed 2 years ago by bmispelon

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to worksforme
  • Status changed from new to closed


I can't reproduce the issue you're describing (I tried on master and on 1.4.5 and with both the CookieStorage and the default one).
Here's the code I used:

from django.contrib import messages
from django.http import HttpResponseRedirect
from django.shortcuts import render

def show_messages(request):
    if request.method == 'POST':
        messages.success(request, 'This message contains an = sign')
        return HttpResponseRedirect(request.get_full_path())
    return render(request, 'show_messages.html')


{% for message in messages %}
    <li>{{ message }}</li>
{% endfor %}
<form method="post">
    <input type="submit" value="Add message">
    {% csrf_token %}

Plug this in your urlconf somewhere and go to the page.
When you click the "add message" button, you can see that a message is added even though in contains an equal sign.

I'll close this ticket as worksforme. Please reopen it if you have more information on how to reproduce this issue.


Note: See TracTickets for help on using tickets.
Back to Top